Privacy Notice

Update

We've submitted an application to participate in the Privacy Shield framework for personal data transfers from the EU to the US, and have updated this Privacy Notice to reflect our application.

Last modified September 6, 2016

OneLogin, Inc. (“OneLogin”, “We”, “Us”, or “Our”) is committed to protecting the privacy of your personal information while using our Web site (www.onelogin.com) and when using our on-demand support platform, tools and services offered on the Web site (the “Service”). OneLogin has established this Privacy Policy Statement to assist you to understand how we collect and use personally identifiable information if and when you use our Web site as a “Visitor” or provide information to us in connection with your use of the Service as a “Subscriber”. By using our Web site you are agreeing to the collection and use of personal information in the manner described in this Privacy Policy Statement. By registering for our Service, you are agreeing to the collection and use of personal information in the manner described in this Privacy Policy Statement and the OneLogin Terms of Service.

Does OneLogin participate in the US-Swiss Safe Harbor and EU-US Privacy Shield Framework?

OneLogin complies with the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. OneLogin has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program and to view OneLogin’s certification, please visit http://www.export.gov/safeharbor

OneLogin participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List, https://www.privacyshield.gov/list.

We are responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, OneLogin is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

TRUSTe Privacy Certification

Under certain conditions, more fully described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

What information does OneLogin collect?

How does OneLogin use my information?

OneLogin may use the collected personal information and other information OneLogin collects about your use of the Service to operate and make the Service available to You, for billing, identification and authentication, to contact you about your use of the Service, research purposes, and to generally improve the content and functionality of the Web site and the Service. OneLogin will also use the collected personal information to send you periodic newsletters.

How can I access and update my information?

Data collected by OneLogin: Upon request OneLogin will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. If your personal information changes, or if you no longer desire to use the Service, you may correct, update, delete or deactivate it by making the change within the Service or by emailing Customer Success at support@onelogin.com. We will respond to your request within 3 business days. OneLogin will retain your information for as long as your account is active or as needed to provide you the Service and to comply with our legal obligations, resolve disputes, and enforce our agreements.

Data collected by Subscribers on behalf of their users: OneLogin has no direct relationship with the end users that are part of a Service Subscription plan. An end user who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to their designated Client Administrator (the data controller). The Client Administrator can modify your account information at any time in the Service’s Account settings or by contacting our Customer Success Team. If the Client Administrator requests OneLogin to remove the data, we will respond to their request within 30 business days.

We will retain end user information for as long as the Subscription is active, the Client Administrator requests the deletion of the same, or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. There might be some latency in deleting archived subscription data from our systems after it’s removed from Production. Although OneLogin owns the software, code, databases, and all rights to the Web site and the Service, the Visitors and Subscribers, respectively, retain all rights and accountability for the data held by OneLogin on their behalf.

Does OneLogin share information with third parties?

OneLogin uses a third party intermediary to perform credit card processing when registering for the paid Subscription plans of the Service. This intermediary is not permitted to store, retain, or use your billing information except for the sole purpose of credit card processing on OneLogin’s behalf.

OneLogin may also transmit personal information to its third party vendors and the hosting partners that provide the necessary hardware, software, networking, storage, and other technology and maintenance services required to operate and maintain the Web site and the Service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Clients. This may require that your personal information be transferred from Your current location to the offices and servers of OneLogin and these authorized third parties.

Does OneLogin share the information I provide?

Except as described in this policy, OneLogin will not give, sell, rent, share or loan any personal information to any third party other than as outlined in this policy.

How does OneLogin protect my information?

OneLogin maintains reasonable security measures to protect your information from loss, destruction, misuse, unauthorized access or disclosure. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access. When you enter sensitive information (such as your login information) on our Web site or connect to our Service, we encrypt the transmission of that information using Transport Layer Security (TLS). However, no data transmission over the Internet or information storage technology can be guaranteed to be 100% secure. If you have any questions about security on our Web site, you can contact us at privacy@onelogin.com.

Can I opt out?

You may set your browser to block all cookies, including cookies associated with our Service. Users who disable their browsers’ ability to accept cookies will be able to browse our Web site, but will not be able to access or take advantage of the Service.

You can also opt out of our newsletters and surveys and you may follow the unsubscribe/opt out instructions contained in each of those communications.

How will you notify me of changes to this policy?

OneLogin may update this policy from time to time. You can review the most current version of this Privacy Policy at any time at http://www.onelogin.com/privacy. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. Your only remedy, if you do not accept the terms of this Privacy Policy, is to discontinue use of the Site and Service.

Contact Us

If you have any questions regarding this Privacy Policy you may contact us at privacy@onelogin.com or via postal mail at:

OneLogin, Inc.
150 Spear Street
Suite 1400
San Francisco, CA 94105