Effective Date: November 29, 2018
Palo Alto Software, Inc. and our UK subsidiary, Palo Alto Software, Ltd. (collectively, “Palo Alto Software”, “we”, “us”, “our”), are committed to protecting your privacy.
1.1. “Personal Information”
This refers to any information that identifies you personally, directly or indirectly, including contact information, such as your name, email address, company name, address, phone number, and other information about yourself. Personal Information can also include information about any transactions, both free and paid, that you enter into on the Websites.
1.2. “Websites” and “Subscription Services”
2. Changes and Updates
3. Questions and Concerns
Palo Alto Software, Inc.
Attn: Noah Parsons, Data Protection Officer
44 W. Broadway, STE 426
Eugene, OR 97401
VeraSafe has been appointed as Palo Alto Software's representative in the European Union for Personal Information protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to firstname.lastname@example.org, only on matters related to the processing of Personal Information. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative
Alternatively, VeraSafe can be contacted at:
VeraSafe Czech Republic s.r.o
Prague 1, 11002
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
4. Information We Collect
4.1. Information You Voluntarily Provide When You Visit Our Websites and Use Our Subscription Services
You are free to explore our Websites without providing any Personal Information about yourself. You may also voluntarily provide Personal Information to us when you sign up to receive additional information from our Websites, or sign up for and use one of our Subscription Services, contact our customer service team, send us an email, post a comment on our blogs, or communicate with us in any other way. The Personal Information we process may include your name, address, email address, IP address, phone number, credit card information, and professional information. Furthermore, custom fields may capture any other types of Personal Information.
Our online Subscription Services allow you to create business plans, analyze accounting data, and manage email and other electronic communications.
Users of our Subscription Services can store any type of Personal Information in the services, including contents of and attachments to emails, as well as personal data related to your Google account (“Google User Data”). However, Palo Alto Software does not access or share any of that data, and does not know what type of data you or other users are storing. The data is only used by the account owner and invited end-users as they intend to use it.
- We will only use access to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- We will not use this Gmail data for serving advertisements.
- We will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for our internal operations and even then only when the data have been aggregated and anonymized.
4.2. Payment and Order Information
We collect and process payment information from you when you subscribe to any of our Subscription Services or order any products or services from our Websites, including credit cards numbers, billing information, and shipping information using third party PCI-compliant service providers.
4.3. Information We Collect Automatically
4.4. Information from Your Use of Our Subscription Services
We may receive information about how and when you use the Subscription Services and store that information in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, browser used, and actions you have taken within the Subscription Service. This type of information helps us to improve our Subscription Services for both you and for all of our users.
4.5. Information We Receive from Third Parties
We may also receive your Personal Information directly from third parties, such as users of our Subscription Services who may provide your Personal Information directly to us.
We use “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web server. Cookies are not used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a Web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize pages on our Websites, or register for the Subscription Service, a cookie helps us to recall your specific information on subsequent visits. When you return to the same Website, the information you previously provided can be retrieved, so you can easily use the customized features.
Palo Alto Software keeps track of the Websites and pages you visit within the Palo Alto Software network of sites and services, in order to determine what portion of the Website or Subscription Service is the most popular or most used. This data is used to deliver customized content and promotions within the Palo Alto Software Websites and Subscription Services to customers whose behavior indicates that they are interested in a particular subject area.
If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out of certain companies serving you targeted advertisements by clicking here: http://preferences.truste.com/, or if located in the European Union, by clicking here: http://www.youronlinechoices.eu/. Please note this does not opt you out of being served advertising. You will continue to receive generic ads.
4.7. Clear Gifs, Web Beacons & Web Bugs
We employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us better manage the Websites and Subscription Services by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on Web pages or in emails and are about the size of the period at the end of this sentence. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. We tie the information gathered by clear gifs in emails to our customers' Personal Information. If you would like to opt-out of these emails, please see “Opting Out and Unsubscribing” below.
4.8. Single Sign-On
You can log in to our Subscription Services using a Single Sign-on (SSO) service like your Google account. This service will authenticate your identity and provide you the option to share certain Personal Information with us such as your name and email address to pre-populate our sign-up form. Such services may give you the option to post information about your activities on this Website to your profile page to share with others within your network.
4.9. Personal Information about Children
The Websites and Subscription Services are not intended for or targeted at children under 13, and we do not knowingly or intentionally collect Personal Information about children under 13. If you believe that we have collected Personal Information about a child under 13, please contact us as provided for above in the section titled “Questions and Concerns”, so that we may delete that Personal Information.
5. How We Use the Personal Information We Collect
5.2. Basis of Processing
- your consent;
- performing our obligations under a contract to which you are a party or performing steps requested by you in order prior to entering into a contract;
- pursuing our legitimate interests, such as our interest in marketing our services; and
- any other ground, as required or permitted by law.
Where we rely on your consent as a legal ground for processing your Personal Information, you may withdraw your consent at any time. However, if you withdraw your consent, it will not affect the lawfulness of the processing that occurred based on your consent prior to your withdrawal.
Where we act as a data controller and we receive your Personal Information directly from you for the purpose of providing you with our Subscription Services or other services related to our Websites, we require such Personal Information to be able to perform our contractual obligations to you. Without the necessary Personal Information, Palo Alto Software will not be able to handle your requests.
5.3. We Never Sell Personal Information
We understand how important your Personal Information is to you. We are committed to keeping it strictly confidential. Your privacy is not for sale. We will never sell, rent, or otherwise abuse the Personal Information you have trusted us with.
5.4. Use of Personal Information
We may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, we do not transfer your unique Personal Information to the third party.
5.5. Sharing Personal Information with Third Parties (Service Providers)
We may use third parties to perform certain services on our behalf. We may share your Personal Information with these third parties, as necessary, solely to enable them to perform those specific services for us. Such third parties include those:
- assisting us with sending marketing emails and performing social networking tracking;
- providing cloud storage services;
- serving advertisements;
- providing customer support services;
- enabling us to send you emails;
- providing web analytics, performance tracking, and email automation software;
- providing subscription management, payment gateway integration, and invoicing services;
- providing video streaming services;
- providing issue-tracking software;
- enabling payment processing;
- monitoring errors on web platforms;
- offering marketing and advertising services;
- assisting appointment scheduling;
- providing online survey software;
- providing web conferencing services; and
- providing subscription revenue analytics services.
Such third parties are prohibited from using your Personal Information except for these purposes, and they are required to maintain the confidentiality and security of your information.
5.7. Customer Testimonials and Comments
We post customer testimonials and comments on our Websites, which may contain Personal Information. If you would like your testimonial or comments altered or removed from our Websites, please contact us as requested in the section above titled “Questions and Concerns”.
5.8. Use of Credit Card Information
If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf.
5.9. Social Media Features
5.10. External Websites
5.11. Public Forums
We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others. We will correct or delete any Personal Information you have posted on the Websites if you so request, as described under “Opting Out and Unsubscribing” below.
5.12. Retention of Personal Information
Where we act as a data processor, we retain your Personal Information for as long as is necessary for us to perform under our engagement with the data controller.
Where we act as a data controller, we retain Personal Information that you provide us as long as we consider it potentially useful in contacting you about the Subscription Services or our other services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements, and then we securely delete that Personal Information, but in any case within a period of no more than 12 months after the purposes of processing are satisfied. We may delete this information from the servers at an earlier date if you so request, as described under “Opting Out and Unsubscribing” below.
5.13. International Transfer of Personal Information
Some of our service providers who receive your Personal Information may be located in countries outside of the European Union or the European Economic Area (“EEA”). In some cases, the European Commission may not have determined that the legal environment in those countries provides a level of data protection that is essentially equivalent to the level of protection provided under European Union law. Transfers of your Personal Information to such service providers will typically be subject to appropriate safeguards, such as the standard contractual clauses for the transfer of Personal Information to third countries, as approved by, and available directly from, the European Commission.
5.14. Corporate Events
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Palo Alto Software on the Websites and the Subscription Services. In this event, you will be notified via email and/or a prominent notice on our Websites, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.
5.15. Compelled Disclosure
We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
6.1. Security of Your Personal Information
We use a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use, or disclosure. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When sensitive Personal Information (such as a credit card number and/or geo-location data) is collected on our Websites and/or transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
6.2. Alerts in the Event of a Security Breach
If a security breach causes an unauthorized intrusion into our system that materially affects you, then Palo Alto Software will notify you as soon as possible and later report the action we took in response.
7. Opting Out and Unsubscribing
7.1. Reviewing, Correcting and Removing Your Personal Information
If you are a data subject about whom we process Personal Information, you may have the following rights with respect to that information:
- to access and review the Personal Information that you have supplied to us;
- to request that we correct any errors, outdated information, or omissions in Personal Information that you have supplied to us;
- to request that your Personal Information not be used to contact you;
- to request that your Personal Information be removed from any solicitation list that we use;
- to request that your Personal Information be deleted from our records; and
- to opt-out of being solicited by Palo Alto Software or third parties.
You may have the right, under certain circumstances, to have the processing of your Personal Information limited (restricted), as well as the right to object to the processing of your Personal Information. You may also have the right to ask to have your Personal Information exported to a machine-readable format.
Where we act as a data controller, to exercise any of these rights, please contact us, as provided in the section above titled “Questions and Concerns”. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.
Where we act as a data processor, you may exercise your rights under this section by contacting the data controller who has provided your Personal Information to us.
7.2. Unsubscribing From Our Communications
You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our emails, or by contacting us as provided under the section above tiled “Questions and Concerns”. Customers cannot opt out of receiving transactional emails, such as billing notifications, related to their account with us or the Subscription Services.
8. EU-U.S. and Swiss-US Privacy Shield
Palo Alto Software is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with regard to the Privacy Shield Frameworks.
Palo Alto Software has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance – free of charge to you. If you are not satisfied with our initial response, please contact JAMS at www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still is not addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles, pursuant to the Privacy Shield's Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
Within the scope of our authorization to do so, and in accordance with our commitments under the Privacy Shield, Palo Alto Software will provide individuals access to Personal Information about them. Palo Alto Software also will take reasonable steps to enable individuals to correct, amend, or delete Personal Information that is demonstrated to be inaccurate.
With respect to Personal Information that Palo Alto Software receives in reliance on the Privacy Shield Frameworks, you have the right to opt out of having your Personal Information shared with third parties, and to revoke your consent that you have previously provided for your Personal Information to be shared with third parties, except as required by law. You also have the right to opt out if your Personal Information is used for any purpose that is materially different from, but nevertheless compatible with the purpose(s) for which it was originally collected or subsequently authorized by you.
Palo Alto Software is responsible for the processing of Personal Information it receives, under the Privacy Shield Frameworks, and subsequently transfers to a third party acting as an agent on its behalf. Palo Alto Software complies with the Privacy Shield Principles for all onward transfers of Personal Information within the scope of our certification under the Privacy Shield Frameworks, including the onward transfer liability provisions. Palo Alto Software remains liable for the protection of your Personal Information that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
9. Supervisory Authority Oversight
If you are a data subject whose Personal Information we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.