LogicGate, Inc.® Privacy Policy

Effective April 14, 2023

privacy-policy_hero-device

Data privacy and transparency are important to LogicGate. This Privacy Policy addresses what information LogicGate, Inc. and our wholly owned affiliate, LogicGate UK Ltd., (collectively “LogicGate”), collects, why it is collected, how it is collected and used, with whom the information is shared, and the rights of individuals relating to their information.  LogicGate only collects and uses the information necessary for its legitimate business purposes as set forth in this Privacy Policy. LogicGate limits the amount and type of data it collects and uses to the extent possible, and to that which LogicGate deems necessary.  For clarity, this Privacy Policy distinguishes between LogicGate’s public website (https://www.logicgate.com) (hereafter, “the Website” or “LogicGate Website”) and the LogicGate cloud-based software-as-a-service GRC platform (hereafter, “the Service” or “LogicGate Service”).  Moreover, for the purposes of this Privacy Policy, “Visitors” means any third-party individuals who visit or interact with the LogicGate Website, “Customers” means individuals and/or entities who purchase a subscription to the LogicGate Service, and “End-Users” means authorized individuals who use or otherwise directly interact with the LogicGate Service (e.g., employees of Customers).  Furthermore, “LogicGate Offerings” means the Service and its present and future features, informational or promotional materials, and events organized or sponsored by LogicGate, and “personal information” means information that identifies or could reasonably be linked, directly or indirectly, with a particular individual (e.g., name, address, and/or email).

I. The LogicGate Website

What Information Is Collected.  The LogicGate Website only collects and uses the information necessary for its legitimate business purposes as set forth in this Privacy Policy. LogicGate limits the amount and type of data it collects and uses to the extent possible, and to that which LogicGate deems necessary.

Information Submitted by Visitors.  LogicGate collects information about Visitors when they visit the Website.  The Website collects information actively from those Visitors who choose to submit information through the Website and its features, including, without limitation:

The information actively collected may include without limitation: Visitor name and contact information, visitor company information, primary interest in potential use of the LogicGate Service and other LogicGate Offerings, email address, phone number, the Visitor’s communications with LogicGate, and any other information entered into the text boxes or fields on any form(s), notices, or agreements.

Information Collected as a result of Using the LogicGate Website. The passive information collected from Visitors as a result of visiting the LogicGate Website may include: 

Why Information Is Collected.  Information is collected to enable, enhance, and customize the Visitor’s online experience on the Website.  Information is also collected and used for LogicGate's sales, marketing, advertising, informational, educational, promotional, technical support, and other business purposes relating to LogicGate Offerings to potential and current LogicGate Customers.  For example, contact information submitted by Visitors through an online form is used to direct sales efforts to individuals and companies interested in purchasing the LogicGate Service or in requesting a demonstration of the LogicGate Service.  Additionally, collection of Visitor usage data helps LogicGate determine which online resources are helpful, which are being utilized, what topics are of interest, what needs improvement, etc.  

How Information Is Collected.  Actively submitted information is collected by interacting with our online chat feature as well as by completing and submitting online forms found on the LogicGate Website.  Passively collected information is gathered from website cookies, web beacons, and other tracking or analytics technologies (e.g., Google Analytics, Google Ads, LinkedIn).  

How Information Is Used.  LogicGate uses the information it collects from Website Visitors to:

With Whom Information Is Shared.  Information is only shared with LogicGate employees, representatives, contractors, business partners/affiliates, and third-party service providers who provide analytics technologies for use in LogicGate's informational, marketing, and promotional endeavors. Personal information provided to LogicGate through the Website is not sold or used for commercial purposes unrelated to LogicGate without the express consent of individuals.  Information, including personal information, may also be shared with law enforcement, government agencies, regulatory bodies, courts, or third parties when required or permitted by law or to enforce or protect LogicGate's legal rights and duties.

Cookies and Similar Technologies.  LogicGate and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality, customize content, and recognize Visitors and other individuals across different services and devices. Visitors may exercise choice regarding the use of cookies when they first visit the Website and may change their preferences at any subsequent time. Furthermore, Visitors may choose not to have cookies downloaded onto their computers by restricting cookies within their browser settings.  However, should Visitors restrict their cookies settings, LogicGate cannot guarantee that all Website functionality will work as intended. 

Legal Basis for Processing.  If you are from the European Economic Area (“EEA”), our legal basis for collecting and using a Visitor’s personal information varies depending upon what information is provided, where it is submitted within the Website, and why it was submitted.  However, in general, LogicGate will only collect and use a Visitor’s personal information with their express consent and in accordance with the general purpose for which the Visitor submitted their information or for any other lawful purpose set forth in this Privacy Policy including, without limitation, the performance of a contract a Visitor may have with LogicGate, where LogicGate is legally obligated to collect such personal information, where processing the personal information is necessary for the legitimate interests pursued by LogicGate or by a third party and where LogicGate's legitimate interests outweigh the Visitor’s data protection or other rights.

International Transfer of Data.  LogicGate stores and processes personal information collected in connection with the Website in the United States or in any country where we engage third party service providers.  If the Visitor is from the EEA and submits personal information to the Website, LogicGate will protect the personal information by processing it in a territory in which the European Commission has determined provides an adequate level of protection or otherwise implementing appropriate administrative, physical, and technical measures to protect the Visitor’s personal information through the use of Standard Contractual Clauses or other approved lawful transfer mechanisms. LogicGate may also rely on Visitors’ explicit consent or other applicable derogations under GDPR for such transfers in addition to application of measures set forth above.  

How We Secure Information.  LogicGate implements and maintains appropriate administrative, physical, and technical safeguards to protect personal information of Visitors from accidental or unlawful disclosure, loss, destruction, alteration, unauthorized access, or misuse.  Any LogicGate service providers utilized in provision of the Website who have access to the personal information collected through the Website are required to keep it secure and confidential.

Retention.  LogicGate retains personal information collected through the Website for as long as necessary to further the legitimate business purposes of LogicGate or as required by law, until a particular Visitor withdraws his or her consent.  After a Visitor withdraws his or her consent to collect and use their personal information, LogicGate will delete or anonymize the information within a reasonable period of time provided such deletion or anonymization is technically feasible.  To the extent that such deletion or anonymization is not feasible for technical or legal reasons—as may be the case with storage on backups or for legally required retention purposes—LogicGate will take all reasonable steps to cease using the personal information including without limitation removal from marketing databases, etc.

Rights of Website Visitors.  Within certain jurisdictions, including but not limited to, the EEA, Visitors have some or all of the following rights in connection with their personal information:

To the extent required by law, LogicGate will honor any requests or objections of Visitors based upon the above-listed rights provided that such requests or objections are adequately verified and technically feasible.

With respect to Visitors’ consent to collection or use of their personal information: By not opting-out of (or in some jurisdictions, by opting-in to) LogicGate's use of cookies when first landing on the LogicGate Website, Visitors expressly consent to the collection and use of their information by LogicGate pursuant to this Privacy Policy.  Website Visitors who consent to the collection and use of their information may opt-out and revoke their consent at any time by notifying LogicGate.  Additionally, individuals can revoke their consent and request to be removed from LogicGate's marketing and informational email list by clicking the “Unsubscribe” link contained in the email(s) received from LogicGate and following the instructions to be placed on LogicGate's “Do Not Contact” list.   By doing so, Visitors will opt-out of receiving promotional communications.  However, even after Visitors opt-out of receiving promotional messages from LogicGate, Visitors who use the Service will continue to receive transactional messages from LogicGate for purposes related to the Service.  Visitors who use the Service may be able to opt- out of some notification messages in their account settings within the Service.

How To Contact LogicGate for Privacy Matters or to Exercise Data Rights. Visitors can contact LogicGate regarding its Website privacy practices or to submit a Data Access Request by completing our Data Access Request form (click HERE for the form) or emailing [email protected]. LogicGate will respond to your request as soon as practicable. Prior to responding to a Personal Data Access Request, LogicGate may ask you to complete a Data Access Request form and must verify your identity. The verification information requested may depend on your relationship with LogicGate. If an authorized agent or representative will be used to make the request, LogicGate will additionally require proof in the form of a written and signed authorization or a valid Power of Attorney. Responses to requests and any provision of information will be handled through LogicGate systems only. 

Additional Privacy Matters.

Do Not Track.  Some Visitors use web browsers which contain a “Do Not Track” feature whereby the browser feature sends a signal to each website visited indicating that the Visitor does not want its online activities to be tracked by technologies third parties.  LogicGate cannot guarantee that the Website will always respond to the Do Not Track features of all websites due to a lack of uniformity within the industry for Do Not Track technology.  

Children.  The LogicGate Website and Service is not intended for use by legal minors.  

Personal information of children under age 13 should not be submitted to the Website.

Changes to LogicGate's Privacy Policy.  LogicGate expressly reserves the right to change and update this Website Privacy Policy and any of its terms as permitted or required by law.  When LogicGate makes material changes or updates to its Privacy Policy, LogicGate will provide notice via email to Visitors who have submitted personal information to the Website and will explain the material changes.

II. The LogicGate Service

Collection and Use of Information by the LogicGate Service.  LogicGate collects and uses information and data about its Customers and their End-Users during and for the purchase, implementation, provision, support, and improvement of the LogicGate Service.  The LogicGate Service is a cloud-based Governance, Risk Management, and Compliance software service which enables companies to implement, automate, manage, and analyze their policies, workflows, security controls, and compliance measures as well as provide for other functionality and third-party software integrations. In order for the LogicGate Service to perform as intended by both LogicGate and the Customers (i.e., for GRC purposes), the collection and use of some information and data by LogicGate is necessary and may not be removed or altered without harming the functionality and utility of the Service.  For the purpose of this Privacy Policy, “Customer Data” means electronic data or information imported, uploaded or otherwise inputted into the Service by Customer or its End-Users in the Customer’s LogicGate environment.  “Other Customer Information” means information or data provided by Customer or its End-Users to LogicGate by means other than inputting, importing, or uploading into the Service by Customer or its End-Users in the Customer’s LogicGate environment.  For example, Customer’s contact information or payment information.

The LogicGate Service primarily collects and uses Customer Data and Other Customer Information during and for the implementation, provision, and technical support of the Service.  For example, Customers supply information such as the name, address, contact and payment information as well as information provided by Customer about their business including their business needs (i.e., number and type of users and applications needed) regarding the Service during the configuration, implementation and provision of the Service.  Additionally, information is collected and logged from Customers and End-users when they:

This information is collected and processed by the LogicGate Service and is needed to enable End-Users and Customers to create records within their LogicGate Service instance and for Customers and End-Users to generate reports and utilize other Service features and third-party software integrations for GRC and other business purposes as determined, managed, and controlled by the Customers.  In addition, this information is collected and used by LogicGate to provide technical support to Customers and End-Users as well as to make improvements to the LogicGate Service and notify Customers and End-Users about changes to the Service, LogicGate policies, and other LogicGate Offerings.  Furthermore, LogicGate collects, processes, and uses Customer usage data and other quantitative data in furtherance of the Service and LogicGate Offerings.  

With Whom Information Is Shared.  Personal information collected within a Customer’s LogicGate Service environment is only shared with LogicGate personnel and LogicGate’s data sub-processors as needed to provide the Service or as otherwise permitted in this Privacy Policy or required by law.  Customer and End-User information is logged by the Service as needed to perform the Service and is accessible to LogicGate and the Customer and other parties as permitted by the Customer or End-User.  Except as provided for in this Privacy Policy, LogicGate does not share or sell Customer Data to third parties.  And except as permitted by the Customer or otherwise provided herein this Privacy Policy, LogicGate will not use or disclose Customer Data for unauthorized purposes. LogicGate may use and disclose personal identifying information to third party service providers with whom we work for the following purposes: to provide hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analytics, and other services for the LogicGate Service.  LogicGate may use and disclose Other Customer Information as needed to provide, support, or improve the Service as well as for analytics or other business purposes. In addition, LogicGate may disclose Customer Data or personal information to law enforcement, regulatory bodies or government agencies, courts or third parties when (i) required by law to comply with a court order, subpoena, request for information, or other legal process; (ii) enforce the terms of the Subscription Service Agreement; (iii) defend, protect, or assert LogicGate's legal rights or those of its Customers as needed; or (iv) in connection with any proposed merger, acquisition, sale or transfer of LogicGate's assets, dissolution, restructuring, liquidation, or similar event. 

Retention.  LogicGate retains Customer Data as long as the Customer has a valid contract in effect to use the Service and for the retention period set forth in the contract.  LogicGate may retain Customer Data beyond that period only as necessary to comply with any legal requirements it may be subject to (e.g., tax, accounting, security, litigation holds) or as adopted by information security industry standards.

International Transfers.  To the extent that LogicGate or its third-party service providers collects, processes, and stores Customer Data, LogicGate adheres to and complies with the EU-US and Swiss-US Privacy Shield Frameworks and Principles as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU, UK, and Switzerland to the US. LogicGate may also rely on explicit consent or other applicable derogations for such transfers in addition to implementing appropriate administrative, physical, and technical measures to protect the Customer’s personal information.  For more details, see LogicGate's Privacy Shield Notice below.  For other international transfers of personal information from EEA, LogicGate will implement appropriate safeguards for the transfer of Customer Data consistent with industry standards and as agreed upon by LogicGate’s Customers.

Third Party Integrations.  The LogicGate Service may also permit Customers to enable third party software integrations and applications in furtherance of the Customers’ business and GRC objectives.  Those third-party software integrations may also collect and use Customer Data and/or Other Customer Information.  The collection and use of any Customer Data or Other Customer Information made available to such third parties through the use of their software and applications by Customer will be governed by the Customer’s agreements and privacy policies of those third parties.   

Information Security of the Service.  LogicGate maintains appropriate administrative, physical, and technical safeguards and information security practices designed to protect Customer Data from accidental, unauthorized, or unlawful access, disclosure, alteration, or destruction, or loss.  These safeguards include but are not limited to end-to-end encryption of data in transit as well as at rest. Furthermore, the Service permits the Customer to implement, configure, manage, and control their own use of the Service and to implement and enforce the Customer’s own security practices, including without limitation user access controls and encryption. For more details about LogicGate’s platform information security policies, please visit https://www.logicgate.com/platform/security/ or contact us at [email protected].   

Privacy Rights for the Service.  LogicGate processes Customer Data and Other Customer Information with the consent and at the direction of its Customers and will not disclose, distribute, or transfer Customer Data or Other Customer Information except as provided by contract, required by law, or otherwise permitted under this Privacy Policy.  

III. Additional Information

Changes to this Privacy Policy.  LogicGate expressly reserves the right to change this LogicGate Service Privacy Policy at any time. LogicGate will provide notice of any material changes to its Privacy Policy to Customers and End-Users via email or similar means. 

PRIVACY SHIELD NOTICE.
LogicGate does not rely on the EU-US Privacy Shield as a transfer mechanism of personal data from the EEA or UK to the US or on the Swiss-US Privacy Shield as a transfer mechanism of personal data from Switzerland to the US, but remains committed to the obligations and principles of the Privacy Shield Framework set forth below.
 

LogicGate's Compliance with Privacy Principles.  The LogicGate Service has certified to the US Department of Commerce that it complies with the EU-US Privacy Shield and the Swiss-US Privacy Shield Framework and is committed to the Privacy Shield Principles as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  In the event of a conflict between the terms of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view LogicGate's certification, please visit https://www.privacyshield.gov/list and enter “LogicGate” in the search field.   

Transfers of Data.  LogicGate is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequent transfers to a third party acting as agents on LogicGate's behalf.  The LogicGate Service complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.  With respect to personal data received or transferred pursuant to the Privacy Shield framework, the LogicGate Service is subject to the regulatory enforcement powers of the US Federal Trade Commission (FTC).   

To the extent the Privacy Shield Framework ceases to apply to certain transfers of personal information from the EU, UK, and Switzerland to the US, LogicGate may rely on the Standard Contractual Clauses and explicit consent or other applicable derogations under GDPR for such transfers in addition to implementing appropriate administrative, physical, and technical measures to protect personal information. Such consent may be requested on a case-by-case basis as indicated to the Visitor or End-User, as applicable, and may be withdrawn at any time. Risks of consenting to such a transfer include processing of personal information in the United States, which may not have data protection laws equivalent to those where the Visitor is located and may not provide Visitors with the same rights as may be provided where the Visitor or End-User is located. Safeguards applied to personal information transferred to the US include encryption of personal data in transit and at rest, restricted access to Customer Data according to the principle of least privilege (i.e., a need-to-know basis), due diligence and monitoring of sub-processors and vendors who may have access to Customer Data in order to provide the Service, use of software tools to monitor and log use of decryption keys, periodic penetration testing and vulnerability detection of the platform and Service, offering Customers the choice to host their platform environment and Customer Data within the EU, and contractual commitments to protect Customer Data, particularly data which contains personal information. For so long as LogicGate retains its Privacy Shield certification, it remains subject to the oversight of the United States Department of Commerce as further described below under the headings “Procedure” and “Principles and Commitments.” Details regarding LogicGate’s sharing of personal information are located under the section headings “With Whom Information Is Shared” in this Privacy Policy.

Disclosure of Personal Data.  In certain situations, LogicGate may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  To the extent permitted by law or contract, LogicGate notifies Customers and End-Users of any efforts to obtain personal data by government agencies or other third parties and seeks to limit the personal information tendered pursuant to such efforts.

Procedure.  In compliance with the Privacy Shield Principles, LogicGate commits to resolve complaints about LogicGate’s collection or use of personal information.  Any inquiries or complaints related to LogicGate's Privacy Shield compliance may be directed to [email protected]. In the event of a dispute involving allegations that LogicGate has not complied with Privacy Shield, individuals may bring a complaint directly to LogicGate, and LogicGate must respond to the individual within 45 days. In the event of an unresolved privacy or data use concern that LogicGate has not addressed satisfactorily, contact LogicGate’s US-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. If an individual submits a complaint to a data protection authority (DPA) in the EU, the Department of Commerce has committed to receive, review and undertake best efforts to facilitate resolution of the complaint and to respond to the DPA within 90 days.  Under certain conditions, more fully described on the Privacy Shield website, a complaining party may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.    

Principles and Commitments.  LogicGate further commits to the following with respect to the Privacy Shield Principles:

For more information, see www.privacyshield.gov.

MISCELLANEOUS 

Information Obtained By LogicGate From Events and Sources Other Than the Website or the Service.  LogicGate may obtain, collect, and use information, including personal information, from sources other than the LogicGate Website and the LogicGate Service.  In particular, LogicGate may host or attend in-person or remote events such as conferences, trainings, and promotional functions where personal information may be collected from individual attendees with their express consent (“Event Participants”).  Such information will only be used for LogicGate's legitimate business and marketing purposes and LogicGate will not sell, disclose, or otherwise transfer such personal information without the Event Participant’s express consent.   Event Participants may revoke their consent to be included on LogicGate's marketing lists at any time thereafter by contacting LogicGate at [email protected] or by clicking on the “Unsubscribe” link at the bottom of any marketing or promotional emails received from LogicGate and following any subsequent instructions. LogicGate reserves the right to change its Privacy Policy as it relates to information obtained from Events as well as sources other than the Website or the Service.  LogicGate will provide email notification of any material changes to LogicGate's Privacy Policy to Event Participants and other individuals who have consented to the collection or use of their personal information. 

Information obtained from job applicants/candidates. LogicGate may obtain professional or employment related information through job related inquiries, or applications for employment or internships. Personal information requested  during the application process includes full name, phone number, email address, and resume/CV. Voluntary information includes LinkedIn profile address, personal website address, referral name, pronoun, self-identification information, and veteran status. Through submittals of resumes/CVs, LogicGate may receive postal addresses, titles, professional history, education and training information, references, and other information that the applicant chooses to provide. Some or all of this information may also be requested and/or received in relation to consultant or contractor work.

Applicants that use or provide their information to third party career sites, such as Indeed or LinkedIn, or to a talent acquisition firm, should consult the Privacy Policies of those entities for their Personal Information practices. LogicGate makes no representations or warranties regarding their information security or privacy practices.

LogicGate will use the information received to assess applications, correspond with applicants, and carry out human resource functions in accordance with applicable law. LogicGate will share the information with authorized internal human resource professionals as well as professionals in our business functions who are participating in the application and interview process. LogicGate utilizes an applicant tracking system and recruiting software via a third-party service provider. Interviews may be virtual and utilize a third-party service provider such as Zoom.

It is in LogicGate’s legitimate business interests to be able to review the qualifications of prospective employees and perform human resources functions in relation to these business processes. LogicGate retains applicant information in accordance with legal requirements.

How to Contact LogicGate. To contact LogicGate with questions regarding this Privacy Policy or inquire about previous versions of this policy, please send an email to [email protected] or by mail to:

LogicGate, Inc.
Attn: General Counsel
320 W. Ohio Street
5th Floor
Chicago, IL 60645

If you wish to contact us to make a Data Access Request (also known as a Consumer Request), click this LINK to complete and submit our Data Access Request form.

LogicGate’s Data Protection Officer, Sara Haven, General Counsel, may also be contacted at the above-referenced email and postal addresses.

LogicGate’s Representative in the United Kingdom:
Osborne Clarke, LLP, One London Wall, London EC2Y 5EB or DX 466 London

For residents of the European Economic Area who wish to raise a concern about LogicGate, please contact your local Data Protection Authority/Supervisory Authority, or alternatively, as described above, in the event of an unresolved privacy or data use concern that LogicGate has not addressed satisfactorily, contact LogicGate’s US-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.

To contact LogicGate regarding a data security breach, please email: [email protected].

For more details about LogicGate’s platform information security policies, please visit: https://www.logicgate.com/platform/security/.

For questions about employment with LogicGate visit: https://www.logicgate.com/about-us/join-the-team/
or for questions, fill out a contact request form: https://www.logicgate.com/contact-us/

The email addresses listed throughout this Privacy Policy are intended solely for the use of LogicGate’s visitors and Customers, meaning they are not intended for commercial purposes, such as advertising. Emails related to commercial purposes will be reported as Spam and deleted.

For a PDF copy of this Privacy Policy, click HERE.

© 2022 LogicGate, Inc.®