LogonLabs Privacy Statement and GDPR Addendum

Privacy Statement

Last update on: April 2, 2019

Your privacy is important to us. This privacy statement explains how LogonLabs Inc. (“LogonLabs”, “us”, “we”) collects and uses your personal information.

The product-specific details sections provide additional information relevant to LogonLabs products. This statement applies to the LogonLabs products listed below, as well as other LogonLabs products that display this statement. References to LogonLabs products in this statement include LogonLabs services, websites, apps and software.

Scope

This Policy applies to the processing of Individual Customer Personal Data that LogonLabs receives in Canada concerning Individual Customers who reside in the European Union and Switzerland. LogonLabs provides products and services to businesses and consumers.

This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)

Responsibilities and Management

LogonLabs has designated a Privacy Officer to oversee its information security program, including its compliance with GDPR. The Privacy Officer will review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to privacyofficer@LogonLabs.com.

LogonLabs will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. LogonLabs personnel will receive training, as applicable, to effectively implement this Policy. Please refer to Security of Personal Data for a discussion of the steps that LogonLabs has undertaken to protect Personal Data.

Collection and Use of Personal Data

LogonLabs provides the ability for its Customers to integrate with authentication services provided by Identity Providers (IDPs). To operate effectively and provide LogonLabs customers with the best experience with our products, LogonLabs collects Personal Data from individual Participants.

Personal Data We Collect

The data we collect depends on the products and features a LogonLabs Participant uses, and can include the following:

Name and contact data.We may collect first and last name, email address, postal address, phone number, and other similar contact data.

Credentials.We collect passwords, password hints, and similar security information used for authentication and account access.

Demographic data.We collect data about a Participant such as preferred language.

Device and Usage data.We collect data about a Participant’s device and how a Participant and their device interacts with LogonLabs and our products. For example, we collect:

Product use data. We collect data about the features used, the items purchased, and the web pages visited.
Device, connectivity and configuration data. We collect data about a Participant’s device and the network used to connect to our products. It includes data about the operating systems and other software installed on your device, including product keys. It also includes IP address, device identifiers (such as the IMEI number for phones), regional and language settings.
Error reports and performance data. We collect data about the performance of the products and any problems experienced with them. This data helps us to diagnose problems in the products, and to improve our products and provide solutions. Depending on the product and settings, error reports can include data such as the type or severity of the problem, details of the software or hardware related to an error, contents of files being used when an error occurred, and data about other software on the device.
Support Data. When engaging LogonLabs for support, we collect data about the Participant and the hardware, software, and other details related to the support incident. Such data may include contact or authentication data, the content of communications with LogonLabs support, data about the condition of the machine and the application when the fault occurred and during diagnostics, and system and registry data about software installations and hardware configurations.

ALL content, when transported between LogonLabs products, is done using HTTPS (TLS 1.1 or higher).

We also collect the content of messages sent to us, such as feedback, product reviews, or questions and information provided for customer support. When a Participant contacts us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.

Product-specific sections below describe data collection practices applicable to use of those products.

LogonLabs does not disclose personal information to third parties for purposes that are materially different than what it was originally collected for. Should this change in the future, we will provide individuals with the option to opt-out.

Reasons We Share Personal Data

We may share personal data among LogonLabs-controlled affiliates and subsidiaries. We also may share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal data to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets. Finally, we will access, transfer, disclose, and preserve personal data, including Participant content when we have a good faith belief that doing so is necessary to:

comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
protect our customers, for example to prevent spam or attempts to defraud users of our products, or to help prevent the loss of life or serious injury of anyone;
operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks; or
protect the rights or property of LogonLabs, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of LogonLabs, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.

Additionally, we may contact you from time to time for the purpose of providing product or service updates or other such information, including by regular mail as well as through in-product notifications.

Disclosures / Onward Transfers of Personal Data

Except as otherwise provided herein, LogonLabs discloses Personal Data only to Third Parties who reasonably need to know such data only for the scope of the initial transaction and not for other purposes. Such recipients must agree to abide by confidentiality obligations.

LogonLabs may provide Personal Data to Third Parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions. For example, LogonLabs may store such Personal Data in the facilities operated by Third Parties. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by LogonLabs and they must either:

comply with the Privacy Shield principles or another mechanism permitted by the applicable EU & Swiss data protection law(s) for transfers and processing of Personal Data;
or agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy;

LogonLabs also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure. Please be aware that LogonLabs may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. LogonLabs is liable for appropriate onward transfers of personal data to third parties.

Access/Choice

Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacyofficer@LogonLabs.com. If requested to remove data, we will respond within a reasonable timeframe. We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacyofficer@LogonLabs.com.

Cookies & Similar Technologies

LogonLabs uses cookies (small text files placed on your device) and similar technologies to provide our websites and online services and to help collect data. The text in a cookie often consists of a string of numbers and letters that uniquely identifies your computer, but it can contain other information as well.

Our Use of Cookies and Similar Technologies

LogonLabs uses cookies and similar technologies for several purposes, depending on the product, including:

Storing your Preferences and Settings.Settings that enable our products to operate correctly or that maintain your preferences over time may be stored on your device.
Sign-in and Authentication.When you sign into a service using your LogonLabs credentials, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device. This cookie allows you to move from page to page within the site without having to sign in again on each page.
Analytics.To provide our products, we use cookies and other identifiers to gather usage and performance data. For example, we use cookies to count the number of unique visitors to a web page or service and to develop other statistics about the operations of our products.

Security of Personal Data

LogonLabs is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit any data (such as messages, attachments, etc.) over the Internet, we protect it using HTTPS encryption.

Where We Store and Process Personal Data

Personal data collected by LogonLabs may be stored and processed in your region, in the United States or in any other country where LogonLabs or its affiliates, subsidiaries or service providers maintain facilities. LogonLabs maintains its services in Canada. Typically, the primary storage location is in the customer’s region or in the United States, often with a backup to a data center in another region. The storage location(s) are chosen to operate efficiently, to improve performance, and to create redundancies to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect under this privacy statement is processed per the provisions of this statement and the requirements of applicable law wherever the data is located.

Our Retention of Personal Data

LogonLabs retains personal data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The criteria used to determine the retention periods include:

How long is the personal data needed to provide the products and operate our business? This includes such things as maintaining and improving the performance of those products, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most data retention periods.
Do customers provide, create, or maintain the data with the expectation we will retain it until they affirmatively remove it? Examples include a document you store in in your inbox. In such cases, we maintain the data until you actively delete it or until retention policy settings are fulfilled.
Has the Customer provided consent for a longer retention period? If so, we will retain data in accordance with that consent.
Is LogonLabs subject to a legal, contractual, or similar obligation to retain the data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation.

Changes to This Privacy Statement

We will update this privacy statement when necessary to reflect customer feedback and changes in our products. When we post changes to this statement, we will revise the “last updated” date at the top of the statement. If there are material changes to the statement or in how LogonLabs will use your personal data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how LogonLabs is protecting your information

How to Contact Us

If you have any concerns, technical or support questions, please submit an email to LogonLabs Support.

Enforcement and Dispute Resolution

Complaints can also be submitted to:

LogonLabs, Inc. c/o Privacy Officer ADDRESS Email: privacyofficer@LogonLabs.com

Other Important Privacy Information

Below you will find additional privacy information you may find important.

GDPR Privacy Rights

LogonLabs adheres to applicable data protection laws in the European Economic Area, which if applicable includes the following rights:

If the processing of personal data is based on your consent, you have a right to withdraw consent at any time for future processing by asking LogonLabs to disable your account.
You have a right to request from us, a “data controller” as defined in the law, access to and rectification of your personal data;
You have a right to object to the processing of your personal data; and
You have a right to lodge a complaint with a data protection authority.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

As applicable under French law, you can also send specific instructions to us regarding the use of your personal data after your death.

When we process personal data about you, we do so with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests of LogonLabs as described in the “How We Use Personal Data” and “Reasons We Share Personal Data” sections above.