Last Updated: March, 2022
I. The LogicGate Website
Information Submitted by Visitors. LogicGate collects information about Visitors when they visit the Website. The Website collects information actively from those Visitors who choose to submit information through the Website and its features, including, without limitation:
- the Contact Us and Request a Demo pages
- other online forms found on or through the Website
- communications with the Website Chat function
- blog posts and replies to Blog posts
- registration for LogicGate Events
- participation in online surveys
- reporting of problem(s) with the Website
The information actively collected may include without limitation: Visitor name and contact information, visitor company information, primary interest in potential use of the LogicGate Service and other LogicGate Offerings, email address, phone number, the Visitor’s communications with LogicGate, and any other information entered into the text boxes or fields on any form(s), notices, or agreements.
Information Collected as a result of Using the LogicGate Website. The passive information collected from Visitors as a result of visiting the LogicGate Website may include:
- analytics data, such as IP address
- general location information (city and country)
- company-level information
- technical information such as browser type, operating system, device identifiers, URLs of referring pages, conversion page, time stamp, crash data
- website usage data (which subpages are viewed, how long Visitors spend on various pages or features, what links visitors click, et cetera).
Note that the information passively collected from Visitors is anonymous and not personally identifiable unless the Visitors also actively and voluntarily submit their personal information through a LogicGate Website form or field.
Why Information Is Collected. Information is collected to enable, enhance, and customize the Visitor’s online experience on the Website. Information is also collected and used for Logic Gates sales, marketing, advertising, informational, educational, promotional, technical support, and other business purposes relating to LogicGate Offerings to potential and current LogicGate Customers. For example, contact information submitted by Visitors through an online form is used to direct sales efforts to individuals and companies interested in purchasing the LogicGate Service or in requesting a demonstration of the LogicGate Service. Additionally, collection of Visitor usage data helps LogicGate determine which online resources are helpful, which are being utilized, what topics are of interest, what needs improvement, etc.
How Information Is Collected. Actively submitted information is collected by interacting with our online chat feature as well as by completing and submitting online forms found on the LogicGate Website. Passively collected information is gathered from website cookies, web beacons, and other tracking or analytics technologies (e.g., Google Analytics, Google Ads, LinkedIn).
How Information Is Used. LogicGate uses the information it collects from Website Visitors to:
- help LogicGate better understand the needs and goals of Website Visitors
- disseminate information and provide updates about Logic Gates Offerings
- support requests from Website Visitors
- provide greater customer service and technical support
- enable email notification of changes to policies or the Service
- customize advertising and content
- conduct analysis and determine the effectiveness of the Website
- improve the online experience of LogicGate Website Visitors and LogicGate Service Customers.
With Whom Information Is Shared. Information is only shared with LogicGate employees, representatives, contractors, business partners/affiliates, and third-party service providers who provide analytics technologies for use in Logic Gates informational, marketing, and promotional endeavors. Personal information provided to LogicGate through the Website is not sold or used for commercial purposes unrelated to LogicGate without the express consent of individuals. Information, including personal information, may also be shared with law enforcement, government agencies, regulatory bodies, courts, or third parties when required or permitted by law or to enforce or protect Logic Gates legal rights and duties.
International Transfer of Data. LogicGate stores and processes personal information collected in connection with the Website in the United States or in any country where we engage third party service providers. If the Visitor is from the EEA and submits personal information to the Website, LogicGate will protect the personal information by processing it in a territory in which the European Commission has determined provides an adequate level of protection or otherwise implementing appropriate administrative, physical, and technical measures to protect the Visitor’s personal information through the use of Standard Contractual Clauses or other approved lawful transfer mechanisms. LogicGate may also rely on Visitors’ explicit consent or other applicable derogations under GDPR for such transfers in addition to application of measures set forth above.
How We Secure Information. LogicGate implements and maintains appropriate administrative, physical, and technical safeguards to protect personal information of Visitors from accidental or unlawful disclosure, loss, destruction, alteration, unauthorized access, or misuse. Any LogicGate service providers utilized in provision of the Website who have access to the personal information collected through the Website are required to keep it secure and confidential.
Retention. LogicGate retains personal information collected through the Website for as long as necessary to further the legitimate business purposes of LogicGate or as required by law, until a particular Visitor withdraws his or her consent. After a Visitor withdraws his or her consent to collect and use their personal information, LogicGate will delete or anonymize the information within a reasonable period of time provided such deletion or anonymization is technically feasible. To the extent that such deletion or anonymization is not feasible for technical or legal reasons—as may be the case with storage on backups or for legally required retention purposes—LogicGate will take all reasonable steps to cease using the personal information including without limitation removal from marketing databases, etc.
Rights of Website Visitors. Within certain jurisdictions, including but not limited to, the EEA, Visitors have some or all of the following rights in connection with their personal information:
- Right to Access and Portability – a right to know and access any personal information collected by LogicGate. Additionally, in certain jurisdictions, Visitors have the right to portability of their personal data.
- Right to Object and Request Changes – a right to object to the collection of or the accuracy of the content of their personal information. To the extent that Visitors object to the processing of personal information or that personal information contains any inaccuracies, Visitors may request that such information be changed or removed by LogicGate.
- Non-Discrimination – a right to be free from unlawful discrimination on the basis of any information provided to LogicGate.
- Right to Be Forgotten – right to be forgotten—that is, the right to have their personal information deleted or erased or otherwise removed from Logic Gates possession.
- Right to Consent or Not Consent – right to consent (i.e., opt-in) or not (i.e., opt-out) of collection of information by the LogicGate Website.
To the extent required by law, LogicGate will honor any requests or objections of Visitors based upon the above-listed rights provided that such requests or objections are adequately verified and technically feasible.
How To Contact LogicGate for Privacy Matters. Visitors can contact LogicGate regarding its Website privacy practices by emailing email@example.com. LogicGate will respond to your request as soon as practicable.
Additional Privacy Matters.
Do Not Track. Some Visitors use web browsers which contain a “Do Not Track” feature whereby the browser feature sends a signal to each website visited indicating that the Visitor does not want its online activities to be tracked by technologies third parties. LogicGate cannot guarantee that the Website will always respond to the Do Not Track features of all websites due to a lack of uniformity within the industry for Do Not Track technology.
Children. The LogicGate Website and Service is not intended for use by legal minors.
Personal information of children under age 13 should not be submitted to the Website.
II. The LogicGate Service
The LogicGate Service primarily collects and uses Customer Data and Other Customer Information during and for the implementation, provision, and technical support of the Service. For example, Customers supply information such as the name, address, contact and payment information as well as information provided by Customer about their business including their business needs (i.e., number and type of users and applications needed) regarding the Service during the configuration, implementation and provision of the Service. Additionally, information is collected and logged from Customers and End-users when they:
- register their account to access the LogicGate Service
- log-in and log-out of the LogicGate Service
- perform an activity, use a feature, or create or update a record within the LogicGate Service (including the time and date of such activities).
- request support from LogicGate
- provide feedback about the Service
This information is collected and processed by the LogicGate Service and is needed to enable End-Users and Customers to create records within their LogicGate Service instance and for Customers and End-Users to generate reports and utilize other Service features and third-party software integrations for GRC and other business purposes as determined, managed, and controlled by the Customers. In addition, this information is collected and used by LogicGate to provide technical support to Customers and End-Users as well as to make improvements to the LogicGate Service and notify Customers and End-Users about changes to the Service, LogicGate policies, and other LogicGate Offerings. Furthermore, LogicGate collects, processes, and uses Customer usage data and other quantitative data in furtherance of the Service and LogicGate Offerings. To the extent practicable, Logic Gates usage data only utilizes de-identified and anonymized Customer Data.
Retention. LogicGate retains Customer Data as long as the Customer has a valid contract in effect to use the Service and for the retention period set forth in the contract. LogicGate may retain Customer Data beyond that period only as necessary to comply with any legal requirements it may be subject to (e.g., tax, accounting, security, litigation holds) or as adopted by information security industry standards.
International Transfers. To the extent that LogicGate or its third-party service providers collects, processes, and stores Customer Data, LogicGate adheres to and complies with the EU-US and Swiss-US Privacy Shield Frameworks and Principles as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU, UK, and Switzerland to the US. LogicGate may also rely on explicit consent or other applicable derogations for such transfers in addition to implementing appropriate administrative, physical, and technical measures to protect the Customer’s personal information. For more details, see Logic Gates Privacy Shield Notice below. For other international transfers of personal information from EEA, LogicGate will implement appropriate safeguards for the transfer of Customer Data consistent with industry standards and as agreed upon by LogicGate’s Customers.
Third Party Integrations. The LogicGate Service may also permit Customers to enable third party software integrations and applications in furtherance of the Customers’ business and GRC objectives. Those third-party software integrations may also collect and use Customer Data and/or Other Customer Information. The collection and use of any Customer Data or Other Customer Information made available to such third parties through the use of their software and applications by Customer will be governed by the Customer’s agreements and privacy policies of those third parties.
Information Security of the Service. LogicGate maintains appropriate administrative, physical, and technical safeguards and information security practices designed to protect Customer Data from accidental, unauthorized, or unlawful access, disclosure, alteration, or destruction, or loss. These safeguards include but are not limited to end-to-end encryption of data in transit as well as at rest. Furthermore, the Service permits the Customer to implement, configure, manage, and control their own use of the Service and to implement and enforce the Customer’s own security practices, including without limitation user access controls and encryption. For more details about LogicGate’s platform information security policies, please visit https://www.logicgate.com/logicgate-platform/platform-security/ or contact us at firstname.lastname@example.org.
- For End-Users and Third Party Individuals: LogicGate does not manage or control what information or data, including any personal information from End-Users and other third parties, Customers collect or use in connection with the Service, nor does LogicGate control how such personal information or data may be accessed, disclosed, or used by Logic Gates Customers. Therefore, End-Users and other third parties must contact the Customer directly in order to request access to any information with respect to any personal information stored or used in the Service or exercise any other privacy rights including without limitation the rights of objection, correction, erasure/deletion, and portability. Any requests or inquiries by End-Users directed at LogicGate will be redirected to the appropriate Customer or Customer’s designated administrative user of the Service. For privacy and security purposes, Customers and their administrative users (i.e., administrators) shall bear the responsibility of managing Customer user accounts and Customer Data as well as any aspects of the Service which Customer has control, including without limitation End-User accounts and activities of Customer or its End-Users.
- For Customers: Pursuant to Privacy Shield Framework and Principles as well as any applicable data protection laws, LogicGate will provide Customers with certain choices regarding certain information provided to LogicGate by Customer or any third party affiliates including: to access and know, correct, update, or request deletion of any personal information of Customer, and in certain jurisdictions, restriction of processing and portability of data. Customers should direct any privacy-related inquiries or requests relating to Other Customer Information to email@example.com.
PRIVACY SHIELD NOTICE.
LogicGate does not rely on EU-US Privacy Shield as a transfer mechanism of personal data from the EEA to the US, but remains committed to the obligations and principles of the Privacy Shield Framework set forth below.
Transfers of Data. LogicGate is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequent transfers to a third party acting as agents on Logic Gates behalf. The LogicGate Service complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield framework, the LogicGate Service is subject to the regulatory enforcement powers of the US Federal Trade Commission (FTC).
Disclosure of Personal Data. In certain situations, LogicGate may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. To the extent permitted by law or contract, LogicGate notifies Customers and End-Users of any efforts to obtain personal data by government agencies or other third parties and seeks to limit the personal information tendered pursuant to such efforts.
Procedure. In compliance with the Privacy Shield Principles, LogicGate commits to resolve complaints about LogicGate’s collection or use of personal information. Any inquiries or complaints related to Logic Gates Privacy Shield compliance may be directed to firstname.lastname@example.org. In the event of a dispute involving allegations that LogicGate has not complied with Privacy Shield, individuals may bring a complaint directly to LogicGate, and LogicGate must respond to the individual within 45 days. In the event of an unresolved privacy or data use concern that LogicGate has not addressed satisfactorily, contact LogicGate’s US-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. If an individual submits a complaint to a data protection authority (DPA) in the EU, the Department of Commerce has committed to receive, review and undertake best efforts to facilitate resolution of the complaint and to respond to the DPA within 90 days. Under certain conditions, more fully described on the Privacy Shield website, a complaining party may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Principles and Commitments. LogicGate further commits to the following with respect to the Privacy Shield Principles:
- to cooperate with the US Department of Commerce and respond promptly to inquiries and requests by the Department of Commerce for information relating to the Privacy Shield Framework.
- to maintain data integrity and limit personal information to the information relevant for the purposes of processing.
- to comply with the new data retention principle.
- to ensure accountability for data transferred to third parties in that to transfer personal information to a third party acting as a controller, LogicGate must comply with the Notice and Choice Principles; and enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third-party controller ceases processing or takes other reasonable and appropriate steps to remediate.
- when transferring personal data to a third party acting as an agent, LogicGate will
- transfer such data only for limited and specified purposes;
- ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles;
- take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles;
- require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
- upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing; and
- provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.
- LogicGate will make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC if the organization becomes subject to an FTC or court order based on non-compliance.
- ensure commitments made pursuant to the Privacy Shield Framework are kept as long as data is held; and if an organization leaves the Privacy Shield Framework, it must annually certify its commitment to apply the Principles to information received under the Privacy Shield Framework if it chooses to keep such data or provide “adequate” protection for the information by another authorized means.
For more information, see www.privacyshield.gov.
Attn: General Counsel
320 W. Ohio Street
Chicago, IL 60645
© 2022 LogicGate, Inc.®