Privacy Notice

Last modified May 15, 2018

OneLogin, Inc. (“OneLogin”, “We”, “Us”, or “Our”) is committed to protecting the privacy of your personal information while using our Web site (www.onelogin.com). OneLogin has established this Privacy Policy (“Policy”) to describe how we collect and use your personal data if and when you use our Web site as a “Visitor” or provide information to us in connection with your use of the Service as a “Subscriber”.

Who We Are

You may contact us at OneLogin Inc., 848 Battery Street, San Francisco, CA 94111.

Our EU representative is: OneLogin Ltd, 2 Sheraton Street, W1F 8BH London.

You may contact our Data Protection Officer at privacy@onelogin.com.

The Information We Process

If you do not provide the listed personal data to us, we may not be able to provide you with certain features of our Web site.

How We Process Personal Data

OneLogin uses the personal data, including your use of the Service, to operate and make the Service available to you, for billing, identification and authentication, to contact you about your use of the Service, for research purposes, and to generally improve the content, functionality, and security of the Web site and the Service. OneLogin will also use the collected personal information to send you periodic newsletters to inform you about OneLogin and our services.

The processing is based on our legitimate interests (Art. 6 (1)(f) of the GDPR).

We may use personal data provided as testimonials, which is always based on consent (Art. 6(1)(a) of the GDPR).

We do not use automated decision-making, including profiling.

Sharing Information With Third Parties

OneLogin uses a third party intermediary to perform credit card processing when registering for the paid Subscription plans of the Service. This intermediary is not permitted to store, retain, or use your billing information except for the sole purpose of credit card processing on OneLogin’s behalf.

OneLogin may also transmit personal data to its third party vendors and the hosting partners that provide the necessary hardware, software, networking, storage, and other technology and maintenance services required to operate and maintain the Web site and the Service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Clients. This may require that your personal data be transferred from your current location to the offices and servers of OneLogin and these authorized third parties.

Recipients of the Personal Data

We share personal data with the following categories of recipients:

For a list of our current subprocessors, follow this link: https://www.onelogin.com/data-subscribe.

We intend to transfer personal data to the following third countries:

Third country    Legal safeguards
US               US-EU Privacy Shield, Standard Contractual Clauses
Australia        Standard Contractual Clauses
Brazil           Standard Contractual Clauses
China            Standard Contractual Clauses
India            Standard Contractual Clauses
Japan            Standard Contractual Clauses
Philippines      Standard Contractual Clauses
Singapore        Standard Contractual Clauses
Taiwan           Standard Contractual Clauses

You may get a copy of the respective safeguards by requesting these from privacy@onelogin.com.

Sharing Your Information

Except as described in this Policy, OneLogin will not give, sell, rent, share or loan any personal information to any third party other than as outlined in this Policy.

Protecting Your Information

OneLogin maintains reasonable security measures to protect your information from loss, destruction, misuse, unauthorized access or disclosure. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access. When you enter sensitive information (such as your login information) on our Web site or connect to our Service, we encrypt the transmission of that information using Transport Layer Security (TLS). If you have any questions about security on our Web site, you can contact us at privacy@onelogin.com.

Use of Cookies

We use session “cookies” to allow the Web site or Service to uniquely identify your browser while you are logged in and to enable OneLogin to process your online transactions. We do not link the information we store in cookies to personal data you submit while using the Web site other than the email address you provide. Session cookies also help us verify your identity and are required in order to use the Service. OneLogin uses persistent cookies, that only OneLogin can read and use, to identify you as a valid user of a OneLogin Subscription plan and make it easier for you to log in to the Service. Analytical cookies and similar technologies are also used to allow OneLogin to recognize how visitors move around the Web site and the Service when they’re using it. We use this information, which is aggregated and does not uniquely identify end users, to analyze trends, to troubleshoot the Web site and Service, to track end users’ movements while on the site and to gather demographic information about our user base as a whole. This helps us improve the overall user experience.

We use the following cookies on our Web site:

Cookie Purpose Expiry
AddThis Content sharing 1 year
AdRoll Cookies users, tracks conversions 1 year
AdRoll Pixel Cookies users, tracks conversions 2 years
AdWords Conversion Tracks user conversions 2 years
AdWords Remarketing Cookies users, tracks conversions 3 months + 1 year
App Nexus Ads targeting 12 years
Beeswax Not used directly by us, but some of our vendors 12 years
BidSwitch Used by demandbase 1 year
Bing Conversion Tag All Site Tracks user conversions 1 year
Bizable Ads targeting 1 year
Bizographics Used by linkedin 5 months
class button clicks Just an event no cookies attached No cookie
contactus4 - Contact Us Just an event no cookies attached No cookie
Demandbase for dynamically customized content based on user’s company/department 1 year - 10 years
demorequest3 - Demo Request Just an event no cookies attached No cookie
DoubleClick Ads targeting 2 years
DoubleClick Ad Exchange-Buyer Ads targeting 2 years
DoubleClick Bid Manager Ads targeting 2 years
Engagio Tag b2b marketing/leads tracking 2 years
Facebook Base Pixel Cookies users, tracks conversions 3 months - to unlimited
Facebook Connect Tracks user conversions 3 months - to unlimited
Facebook Custom Audience Tracks user conversions 3 months - to unlimited
Facebook Lead Event - Contact Page Tracks user conversions 3 months - to unlimited
Facebook Lead Event - Demo Request Tracks user conversions 3 months - to unlimited
Facebook Lead Event - Free Trial Request Tracks user conversions 3 months - to unlimited
Facebook Lead Event - Other Requests - PAUSED Tracks user conversions 3 months - to unlimited
Facebook Lead Event - SaaS Tsunami Kit Tracks user conversions 3 months - to unlimited
Facebook Pixel Cookies users, tracks conversions 3 months - to unlimited
freetrial2 - Free Trial Just an event no cookies attached No cookie
GA Audiences No cookies No cookie
Google Adwords Conversions Cookies users, tracks conversions No cookie
Google Adwords User Lists Cookies users, tracks conversions No cookie
Google Analytics For website usage analysis 1 year
Google Dynamic Remarketing Ads targeting 1 year
Google Tag Manager No cookie, only used to load other trackers No cookie
Hotjar To analyse user’s behaviour on website 1 Day to 2 years
Hotjar Tracking Code Same as above No cookie
IAM Kit LP Just an event no cookies attached No cookie
IAM Kit Re-Targeting Just an event no cookies attached No cookie
Kenshoo Tier 1 ads conversion No cookie
Kenshoo Tier 2 ads conversion No cookie
Kits IAM Conversion Just an event no cookies attached No cookie
LeadLander Lead tracking 1 year
LinkedIn Ads LinkedIn ads tracking 6 months - 2 years
LinkedIn Analytics LinkedIn ads tracking 6 months - 2 years
LinkedIn Marketing Solutions LinkedIn ads tracking 6 months - 2 years
LinkedIn Tag LinkedIn ads tracking 6 months - 2 years
LiveRamp Used by demandbase no cookie
LP_Demo_Phone_Chat Just an event no cookies attached no cookie
Marketo Tracks user conversions 2 years
Mixpanel for signup analysis 1 year
OpenX ads targeting 1 year
Optimizely for a/b testing 2 months - 10 years
Quantcast Tracks user conversions 2 months - 1 year
Quantcount Tracks user conversions 2 months - 1 year
Quora Retargeting Quora ads no cookie
Rubicon Ads 1 month - unlimited
Twitter Advertising twitter ads 2 years
Twitter Analytics twitter ads 2 years
Twitter Conversion Tracking twitter ads conversion 2 years
Yahoo Ad Exchange yahoo ads 1 day

You may set your browser to block all cookies, including cookies associated with our Service. Users who disable their browsers’ ability to accept cookies will be able to browse our Web site, but will not be able to access or take advantage of the Service.

You can also opt out of our newsletters and surveys and you may follow the unsubscribe/opt out instructions contained in each of those communications.

Retention Periods

We retain your personal data as long as it is necessary for the purposes stated above, if not stated otherwise in this Policy. We might process your personal data longer than stated above if it is necessary because of legal requirements or decisions made by authorities.

Your Rights

If you would like to exercise any of your rights, or receive more information about them, please contact us via the contact details at the bottom of this Policy and we will help you out. Please note that some of the following rights may not be applicable to your situation:

Right of access: You have the right to gain access to information about the personal data that we process about you. Should you have any questions regarding the processing or want more insight into the personal data we process from you, you are always welcome to contact us and we will provide you with further information.

Right to rectification: You can request us to correct information inaccurately stored by us without undue delay. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure/right to be forgotten: You have the right to request that we permanently delete your personal information. You can make such a request if, for example, you believe that the personal data are no longer necessary in relation to the purpose for which the personal data were collected or otherwise processed.

Right to restrict the processing activities: You have the right to restrict our processing activities. If you choose to restrict our processing activities regarding certain personal data, note that you may not be able to use our Web site properly.

If you are unsatisfied with the way we treat your personal data, you may reach out to us at all times to solve the issue. However, you always have the right to lodge a complaint with a supervisory authority.

Notification of Changes to This Policy

OneLogin may update this Policy from time to time. You can review the most current version of this Privacy Policy at any time at https://www.onelogin.com/privacy. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Web site prior to the change becoming effective.

Privacy Shield Frameworks

OneLogin participates in and has certified its compliance with both the EU-U.S. Privacy Shield Framework and the Swiss-US Privacy Shield Framework (collectively, the “Frameworks”). We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, respectively, to the Frameworks’ applicable Principles. To learn more about the Privacy Shield program, and view our certifications, visit the U.S. Department of Commerce’s Privacy Shield List, https://www.privacyshield.gov/list.

Under the Frameworks, OneLogin is responsible for the processing of personal data it receives and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Frameworks, OneLogin is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

TRUSTe Privacy Certification

Under certain conditions, more fully described on the Privacy Shield Web site, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Contact Us

If you have any questions regarding this Policy you may contact us at privacy@onelogin.com or via postal mail at:

OneLogin, Inc.
100 California Street
Suite 900
San Francisco, CA 94111