This Privacy Policy governs our data collection, processing and usage practices. It also describes your choices regarding use, access and correction of your personal information.

Privacy Policy

Effective Date: November 29, 2018

Palo Alto Software, Inc. and our UK subsidiary, Palo Alto Software, Ltd. (collectively, “Palo Alto Software”, “we”, “us”, “our”), are committed to protecting your privacy.

This Privacy Policy governs our Personal Information collection, processing and usage practices with respect to our Websites and Subscription Services (each as defined below under “Websites” and “Subscription Services”). It also describes your choices regarding use, access, and correction of your Personal Information. By using the Websites or the Subscription Services, you consent to the Personal Information processing practices described in this Privacy Policy. If you do not agree with the Personal Information processing practices described in this Privacy Policy, you should not use the Websites or the Subscription Services.

1. Definitions

1.1. “Personal Information”

This refers to any information that identifies you personally, directly or indirectly, including contact information, such as your name, email address, company name, address, phone number, and other information about yourself. Personal Information can also include information about any transactions, both free and paid, that you enter into on the Websites.

1.2. “Websites” and “Subscription Services”

This Privacy Policy applies to our websites (“Websites”), including www.paloalto.com, www.bplans.com, www.mplans.com, www.liveplan.com, www.emailcenterpro.com, www.outpost.co, as well as any other sites owned and operated by us and related processing activities carried out on our behalf by third parties, e.g., for the purpose of conducting online marketing, payment processing, customer support, as well as other types of services, as provided under “Sharing Personal Information with Third Parties (Service Providers)” below. The Privacy Policy also applies to our Subscription Services LivePlan and Outpost offered through our Websites (the “Subscription Services”), including any associated mobile applications (Mobile Apps) owned and controlled by Palo Alto Software.

2. Changes and Updates

We periodically update this Privacy Policy. Any changes will be effective from the time the new Privacy Policy is posted, as indicated by the “Effective Date” listed above.

Your use of the Websites or Subscription Services after changes to this Privacy Policy have been implemented constitutes your acknowledgement and acceptance of the new Privacy Policy. If you do not agree to the terms of the new Privacy Policy, you must no longer use the Websites or Subscription Services.

3. Questions and Concerns

If you have any questions about this Privacy Policy, please contact our Data Protection Officer at privacy@paloalto.com or by postal mail at:

Palo Alto Software, Inc.
Attn: Noah Parsons, Data Protection Officer
44 W. Broadway, STE 426
Eugene, OR 97401
USA

VeraSafe has been appointed as Palo Alto Software's representative in the European Union for Personal Information protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to privacy@paloalto.com, only on matters related to the processing of Personal Information. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted at:

Matthew Joseph
Zahradníčkova
1220/20A
Prague 15000
Czech Republic

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

4. Information We Collect

4.1. Information You Voluntarily Provide When You Visit Our Websites and Use Our Subscription Services

You are free to explore our Websites without providing any Personal Information about yourself. You may also voluntarily provide Personal Information to us when you sign up to receive additional information from our Websites, or sign up for and use one of our Subscription Services, contact our customer service team, send us an email, post a comment on our blogs, or communicate with us in any other way. The Personal Information we process may include your name, address, email address, IP address, phone number, credit card information, and professional information. Furthermore, custom fields may capture any other types of Personal Information.

Our online Subscription Services allow you to create business plans, analyze accounting data, and manage email and other electronic communications.

Users of our Subscription Services can store any type of Personal Information in the services, including contents of and attachments to emails, but Palo Alto Software does not access or share that data, and does not know what type of data you or other users are storing. The data is only used by the account owner and invited end-users as they intend to use it.

4.2. Payment and Order Information

We collect and process payment information from you when you subscribe to any of our Subscription Services or order any products or services from our Websites, including credit cards numbers, billing information, and shipping information using third party PCI-compliant service providers.

4.3. Information We Collect Automatically

When you use any of our Subscription Services or browse one of our Websites, we or our third-party service providers may collect information about your visit to our Websites, your usage of the Subscription Services, and your web browsing. That information may include your IP address, your operating system, your browser ID, your browsing activity, and other information about how you interacted with our Websites. We may collect this information as a part of log files as well as through the use of cookies or other tracking technologies. Our use of cookies and other tracking technologies is discussed more below, and in more detail in our Cookie Statement.

4.4. Information from Your Use of Our Subscription Services

We may receive information about how and when you use the Subscription Services and store that information in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, browser used, and actions you have taken within the Subscription Service. This type of information helps us to improve our Subscription Services for both you and for all of our users.

4.5. Information We Receive from Third Parties

We may also receive your Personal Information directly from third parties, such as users of our Subscription Services who may provide your Personal Information directly to us.

4.6. Cookies

Palo Alto Software and its third-party partners use cookies or similar technologies to analyze trends, administer our Websites, track users' movements around our Websites, and to gather demographic information about our user base as a whole.

We use “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web server. Cookies are not used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a Web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize pages on our Websites, or register for the Subscription Service, a cookie helps us to recall your specific information on subsequent visits. When you return to the same Website, the information you previously provided can be retrieved, so you can easily use the customized features.

Palo Alto Software keeps track of the Websites and pages you visit within the Palo Alto Software network of sites and services, in order to determine what portion of the Website or Subscription Service is the most popular or most used. This data is used to deliver customized content and promotions within the Palo Alto Software Websites and Subscription Services to customers whose behavior indicates that they are interested in a particular subject area.

Palo Alto Software also uses cookies and similar tracking technologies to serve targeted advertisements. In addition, we partner with third parties to display advertising on our Websites or to manage and serve our advertising on other sites. Our third-party partners may use cookies or similar tracking technologies in order to provide you advertising or other content based upon your browsing activities and interests.

If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out of certain companies serving you targeted advertisements by clicking here: http://preferences.truste.com/, or if located in the European Union, by clicking here: http://www.youronlinechoices.eu/. Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Subscription Services or Websites you visit. To learn more about our use of cookies and other tracking technologies, as well as how to opt out of the use of cookies, visit our Cookie Statement.

4.7. Clear Gifs, Web Beacons & Web Bugs

We employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us better manage the Websites and Subscription Services by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on Web pages or in emails and are about the size of the period at the end of this sentence. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. We tie the information gathered by clear gifs in emails to our customers' Personal Information. If you would like to opt-out of these emails, please see “Opting Out and Unsubscribing” below.

4.8. Single Sign-On

You can log in to our Subscription Services using a Single Sign-on (SSO) service like your Google account. This service will authenticate your identity and provide you the option to share certain Personal Information with us such as your name and email address to pre-populate our sign-up form. Such services may give you the option to post information about your activities on this Website to your profile page to share with others within your network.

4.9. Personal Information about Children

The Websites and Subscription Services are not intended for or targeted at children under 13, and we do not knowingly or intentionally collect Personal Information about children under 13. If you believe that we have collected Personal Information about a child under 13, please contact us as provided for above in the section titled “Questions and Concerns”, so that we may delete that Personal Information.

5. How We Use the Personal Information We Collect

5.1. Controllership

Within the scope of this Privacy Policy, we act as either a data controller or a data processor for the Personal Information we process, depending on our relationship with you. For example, if Palo Alto Software processes your Personal Information in the course of providing Subscription Services, Palo Alto Software acts as a data processor for your Personal Information that we process. Conversely, Palo Alto Software is a data controller for your Personal Information that we process in relation to our marketing and other front-end activities on our Websites.

5.2. Basis of Processing

Where we act as a data controller within the scope of this Privacy Policy, we may rely on one or more of the following legal grounds for processing of your Personal Information:

Where we rely on your consent as a legal ground for processing your Personal Information, you may withdraw your consent at any time. However, if you withdraw your consent, it will not affect the lawfulness of the processing that occurred based on your consent prior to your withdrawal.

Where we act as a data processor within the scope of this Privacy Policy, we will process your Personal Information based on the documented instructions of the relevant data controllers.

Where we act as a data controller and we receive your Personal Information directly from you for the purpose of providing you with our Subscription Services or other services related to our Websites, we require such Personal Information to be able to perform our contractual obligations to you. Without the necessary Personal Information, Palo Alto Software will not be able to handle your requests.

5.3. We Never Sell Personal Information

We understand how important your Personal Information is to you. We are committed to keeping it strictly confidential. Your privacy is not for sale. We will never sell, rent, or otherwise abuse the Personal Information you have trusted us with.

5.4. Use of Personal Information

In addition to the uses identified elsewhere in this Privacy Policy, we may use your Personal Information to: (a) improve your browsing experience by personalizing the Websites and to improve the Subscription Services; (b) send information to you which we think may be of interest to you by post, email, or other means; (c) send you marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you, and (d) provide other companies with anonymous statistical information about our users – but this information will not be used to identify any individual user.

We may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, we do not transfer your unique Personal Information to the third party.

5.5. Sharing Personal Information with Third Parties (Service Providers)

We may use third parties to perform certain services on our behalf. We may share your Personal Information with these third parties, as necessary, solely to enable them to perform those specific services for us. Such third parties include those:

Such third parties are prohibited from using your Personal Information except for these purposes, and they are required to maintain the confidentiality and security of your information.

5.6. Advertising

We partner with third party advertising networks to either display advertising on our Websites or to manage our advertising on other sites. Our ad network partners use cookies and Web beacons to collect non-personally identifiable information about your activities on this and other Websites to provide you targeted advertising based upon your interests. If you wish to not have this information used by certain companies for the purpose of serving you targeted ads, you may opt-out by clicking here: http://preferences.truste.com/ (or if located in the European Union, by clicking here: http://www.youronlinechoices.eu/). Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

5.7. Customer Testimonials and Comments

We post customer testimonials and comments on our Websites, which may contain Personal Information. If you would like your testimonial or comments altered or removed from our Websites, please contact us as requested in the section above titled “Questions and Concerns”.

5.8. Use of Credit Card Information

If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf.

5.9. Social Media Features

Our Websites include Social Media features, such as the Facebook “Like” button and widgets, the “Tweet This” button, and interactive mini-programs that run on our sites. These features may collect your IP address, which page you are visiting on our sites, and may set a cookie to enable the feature to function properly. Social Media features and widgets are either hosted by a third party or hosted directly on our Websites. The way your Personal Information is processed by these third parties is governed by the Privacy Policy and other policies of the companies providing them.

5.10. External Websites

Our Websites provide links to other websites. We do not control, and are not responsible for, the content or practices of these other websites. Our provision of such links does not constitute our endorsement of these other websites, their content, their owners, or their practices. This Privacy Policy does not apply to these other websites, which are subject to any privacy and other policies they may have.

5.11. Public Forums

We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others. We will correct or delete any Personal Information you have posted on the Websites if you so request, as described under “Opting Out and Unsubscribing” below.

5.12. Retention of Personal Information

Where we act as a data processor, we retain your Personal Information for as long as is necessary for us to perform under our engagement with the data controller.

Where we act as a data controller, we retain Personal Information that you provide us as long as we consider it potentially useful in contacting you about the Subscription Services or our other services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements, and then we securely delete that Personal Information, but in any case within a period of no more than 12 months after the purposes of processing are satisfied. We may delete this information from the servers at an earlier date if you so request, as described under “Opting Out and Unsubscribing” below.

5.13. International Transfer of Personal Information

Some of our service providers who receive your Personal Information may be located in countries outside of the European Union or the European Economic Area (“EEA”). In some cases, the European Commission may not have determined that the legal environment in those countries provides a level of data protection that is essentially equivalent to the level of protection provided under European Union law. Transfers of your Personal Information to such service providers will typically be subject to appropriate safeguards, such as the standard contractual clauses for the transfer of Personal Information to third countries, as approved by, and available directly from, the European Commission.

5.14. Corporate Events

If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Palo Alto Software on the Websites and the Subscription Services. In this event, you will be notified via email and/or a prominent notice on our Websites, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.

5.15. Compelled Disclosure

We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.

6. Security

6.1. Security of Your Personal Information

We use a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use, or disclosure. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When sensitive Personal Information (such as a credit card number and/or geo-location data) is collected on our Websites and/or transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

6.2. Alerts in the Event of a Security Breach

If a security breach causes an unauthorized intrusion into our system that materially affects you, then Palo Alto Software will notify you as soon as possible and later report the action we took in response.

7. Opting Out and Unsubscribing

7.1. Reviewing, Correcting and Removing Your Personal Information

If you are a data subject about whom we process Personal Information, you may have the following rights with respect to that information:

You may have the right, under certain circumstances, to have the processing of your Personal Information limited (restricted), as well as the right to object to the processing of your Personal Information. You may also have the right to ask to have your Personal Information exported to a machine-readable format.

Where we act as a data controller, to exercise any of these rights, please contact us, as provided in the section above titled “Questions and Concerns”. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.

Where we act as a data processor, you may exercise your rights under this section by contacting the data controller who has provided your Personal Information to us.

7.2. Unsubscribing From Our Communications

You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our emails, or by contacting us as provided under the section above tiled “Questions and Concerns”. Customers cannot opt out of receiving transactional emails, such as billing notifications, related to their account with us or the Subscription Services.

8. EU-U.S. and Swiss-US Privacy Shield

Palo Alto Software complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, the “Privacy Shield Frameworks”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union, the EEA, and Switzerland, to the United States. Palo Alto Software has certified to the Department of Commerce that it adheres to the Privacy Shield Principles in each case with respect to all Personal Information that Palo Alto Software receives in reliance on the Privacy Shield Frameworks. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/ and https://www.privacyshield.gov/list, respectively.

Palo Alto Software is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with regard to the Privacy Shield Frameworks.

In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, Palo Alto Software commits to resolve complaints about your privacy and our collection or use of your Personal Information. Individuals whose Personal Information is processed within the scope of our certification under the Privacy Shield Frameworks, and who have inquiries or complaints regarding this Privacy Policy, are advised to first contact us as provided under the section above titled “Questions and Concerns”.

Palo Alto Software has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance – free of charge to you. If you are not satisfied with our initial response, please contact JAMS at www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still is not addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles, pursuant to the Privacy Shield's Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.

Within the scope of our authorization to do so, and in accordance with our commitments under the Privacy Shield, Palo Alto Software will provide individuals access to Personal Information about them. Palo Alto Software also will take reasonable steps to enable individuals to correct, amend, or delete Personal Information that is demonstrated to be inaccurate.

With respect to Personal Information that Palo Alto Software receives in reliance on the Privacy Shield Frameworks, you have the right to opt out of having your Personal Information shared with third parties, and to revoke your consent that you have previously provided for your Personal Information to be shared with third parties, except as required by law. You also have the right to opt out if your Personal Information is used for any purpose that is materially different from, but nevertheless compatible with the purpose(s) for which it was originally collected or subsequently authorized by you.

Palo Alto Software is responsible for the processing of Personal Information it receives, under the Privacy Shield Frameworks, and subsequently transfers to a third party acting as an agent on its behalf. Palo Alto Software complies with the Privacy Shield Principles for all onward transfers of Personal Information within the scope of our certification under the Privacy Shield Frameworks, including the onward transfer liability provisions. Palo Alto Software remains liable for the protection of your Personal Information that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

9. Supervisory Authority Oversight

If you are a data subject whose Personal Information we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.

This Privacy Policy governs our data collection, processing and usage practices. It also describes your choices regarding use, access and correction of your personal information.