Ping Identity Privacy Statement
This Privacy Statement describes our practices with respect to the personal information we collect from professionals and other individuals who interact with us directly, such as visitors to www.pingidentity.com and other Ping Identity websites.
1
Our Collection, Use and Disclosure of Personal Information
Ping Identity collects personal information from individuals who interact with us directly through our online sites, mobile apps or at trade shows, or business meetings. We only collect personal information when we have a legal basis for doing so.
“Personal Information” or “PI” is any information that can be used to identify, locate or contact you. It also includes other information that may be associated with your name or other identifiers. The chart below describes the categories of personal information we collect, the sources of that information, the reasons we collect it, and the types of people to whom we may disclose the information.
Please note that we may use and disclose any personal information for our “Everyday Business Purposes” as permitted by law. We may also disclose any personal information to our affiliates and to the service providers and contractors that need to use the information to provide services to us. We have contracts with these companies that require them to protect our information and to comply with law. We may also disclose any information if we have your consent or when required by law, such as in response to a subpoena or to law enforcement agencies and courts in the United States and other countries where we operate.
We do not sell any personal information for monetary consideration. We share personal information for online targeted advertising, including cross-contextual behavioral advertising, as indicated in the chart. You can opt-out of this sharing at any time by exercising Your Privacy Choices.
1 Everyday Business Purposes encompasses the Business Purposes (as defined by California law) and following related purposes for which any personal information may processed:
To provide the information, product or service requested by the individual or as reasonably expected given the context in which the personal information was collected (such as customer credentialing, providing customer service and preference management, providing product updates, bug fixes or recalls, and dispute resolution)
For identity and credential management, including identity verification and authentication, system and technology administration
To protect the security and integrity of systems, networks, applications and data, including detecting, analyzing and resolving security threats, and collaborating with cybersecurity centers, consortia and law enforcement about imminent threats
For fraud detection and prevention,
For legal and regulatory compliance, including all uses and disclosures of personal information that are required by law or for reasonably needed for compliance with company policies and procedures, such as: anti-money laundering programs, security and incident response programs, intellectual property protection and anti-piracy programs, and corporate ethics and compliance hotlines,
For corporate audit, analysis and reporting,
To enforce our contracts and to protect against injury, theft, legal liability, fraud or abuse, to protect people or property, including physical security programs
To de-identify the data or create aggregated datasets, such as for consolidating reporting, research or analytics,
To make back-up copies for business continuity and disaster recovery purposes, and
For corporate governance, including mergers, acquisitions and divestitures.
Contact Information | |
---|---|
Representative |
|
Sources | We collect this information from you and from third party data suppliers, such as services that provide sales leads. We may also obtain your information from publicly available sources, such as LinkedIn. We may use a service provider to update or standardize mailing addresses. |
Primary Purposes for Collecting | We use contact information to identify you and communicate with you by mail, email, telephone or text about your employment, including sending you transactional messages (such as confirmation) and commercial messages (such as marketing). Contact information is also used to personalize our communications, such as by using your preferred name. |
Categories of Recipients | We disclose contact information to our service providers, contractors and others, such as couriers and telecommunications providers who delivery our communications. |
| |
Government-issued Identification Numbers | |
---|---|
Representative |
|
Sources | We collect this information from you. |
Primary Purposes for Collecting | We use this type of information for identity verification and legal compliance, such as reporting payments made to suppliers, partners or influencers as required by law. |
Categories of Recipients | We disclose this information to service providers and contractors and others, such as payment processors, auditors and government agencies. |
| |
Biometric Identifiers | |
---|---|
Representative |
|
Sources | We do not collect biometric identifiers, but we offer authorization products that allow an individual to be authenticated (e.g., FaceID, iTouch). If you use these solutions, biometric data may be stored on your device. |
Primary Purposes for Collecting | We use biometric identifiers to help us identify and authenticate you, for security and similar purposes (such as fraud detection and prevention). |
Categories of Recipients | We disclose biometric identifiers to our service providers, contractors and others, such as cybersecurity firms, law firms or government agencies, if we detect misconduct. |
| |
Other Unique Identifiers | |
---|---|
Representative |
|
Sources | We assign a unique identification number to you when you become a customer or a supplier. We collect device identifiers and other unique identifiers from your devices and from our websites, apps and platforms, which use cookies and other data collection technologies. |
Primary Purposes for Collecting | We use unique identifiers to identify you or your device, including to associate you with different devices that you may use, for internal record-keeping and reporting, including for data matching and analytics, and to track your interactions with us, including for ad delivery and personalization. |
Categories of Recipients | We disclose these identifiers to our service providers, contractors and others, such as entities that assist with our information technology programs (such as website hosting companies) or administer promotions. We may also disclose these identifiers to auditors and companies that assist with security and fraud prevention.
|
| |
Business to Business Relationship Information | |
---|---|
Representative | We collect “B2B” information about professionals associated with our customers, suppliers and partners in the context of our commercial relationships. This includes:
|
Sources | If you are a professional, we collect this type of information from you and from your company. We also collect B2B data from publicly available sources, such as LinkedIn, or from third parties, such as data brokers, trade associations or trade shows. |
Primary Purposes for Collecting | We use this type of information to fulfill our business relationship with you and/or our commercial partner. We also use it to develop and maintain our relationship with you, including by sending you marketing communications, personalized offers and invitations, and for internal business purposes, such as customer service, quality control, training, reporting and analytics, risk management and compliance. |
Categories of Recipients | We may disclose this type of information to our service providers and contractors, to the company you work for, and other companies (such as your company’s affiliates and service providers), as needed for the commercial relationship, such as including your information on purchases that you authorize or completing satisfaction surveys from your company. |
| |
Consumer Relationship Information | |
---|---|
Representative | We collect personal information about individual consumers in the context of our direct relationships with them. This includes:
|
Sources | If you are a consumer, we collect this type of information from you and from other sources. For example, we may collect publicly available information about you from social media platforms. We may collect additional information from companies that provide information that helps us understand our customers, including data brokers and public records providers. We may also infer information about you based on information that you have given us and your past interactions with us and other companies. |
Primary Purposes for Collecting | We use this type of information to better understand you and to understand our customers generally, to design products, services and programs that appeal to our customers, including loyalty programs, to identify prospective customers and for internal business purposes, such as marketing, quality control, training and analytics. |
Categories of Recipients | We disclose consumer information to our service providers and contractors. As permitted by law, we may disclose consumer information to marketing partners and companies with whom we have similar relationships. While we do not sell consumer information for monetary consideration, consumer information may be shared with third parties as part of our online advertising programs. You can opt out of this sharing by exercising Your Privacy Choices. |
| |
Transaction Information | |
---|---|
Representative |
|
Sources | We collect this type of information from you and (if you are a professional) from your company. We receive this type of information from our service providers and contractors and from other companies, such as our payment processors, resellers or agents.
We may collect this information automatically when you visit our facilities or use our websites or apps. For example, our apps automatically log access requests, downloads and other transactions. |
Primary Purposes for Collecting | We use this type of information to fulfill our business relationship with you and/or your company, including for customer service, recordkeeping, compliance, and dispute resolution, and to administer programs, such as promotions and influencer programs. We also use this information for our internal business purposes, such as finance, quality control, training, reporting and analytics, and for risk management, fraud prevention and similar purposes. |
Categories of Recipients | We disclose transaction information to our service providers, contractors and others, such as to other entities as needed to complete the transaction, including delivery companies, agents and manufacturers, and to our auditors, financial institutions, and government agencies. If you are a professional, we may disclose this information to your company. |
| |
Financial Information | |
---|---|
Representative |
|
Sources | We collect this type of information from you and from our service providers, financial institutions and payment processors. |
Primary Purposes for Collecting | We use financial information to fulfill our business relationship with you, such as processing payments, issuing refunds and collections, and for internal business purposes, such as finance functions, audits, fraud prevention and compliance. |
Categories of Recipients | We disclose financial information to our service providers, contractors and others, such as payment processors, financial institutions, auditors and government agencies. |
| |
Health Information | |
---|---|
Representative |
|
Sources | We may collect health information from you if you need assistance accessing our products, services or facilities. We may collect this health information from you and from others, such as in connection with a workplace accident. |
Primary Purposes for Collecting | We use health data to accommodate disabilities and enable accessibility of our products, services and facilities, and for occupational health and safety programs and other internal business purposes, such as risk management and compliance. |
Categories of Recipients | We disclose health information to our service providers, contractors and others, such as healthcare providers, insurers, first responders (in the event of an emergency), or government agencies. We may also disclose health information to others if needed to provide you with an accommodation. |
| |
Online & Technical Information | Please read our statement about Cookies & Online Privacy for additional information. |
---|---|
Representative |
|
Sources | We collect this type of information from your computer or devices when you interact with our platforms, websites and applications. For example, when you visit our websites, our server logs record your IP address and other information. We may also receive this information from third parties, including computer security services and advertising partners. |
Primary Purposes for Collecting | We use technical information for system administration, technology management, including optimizing our websites and applications, and for information security and cybersecurity purposes, including detecting threats to our networks and systems.
We may use precise geolocation data to provide location-based services within our products. We may also use this information for information security and fraud prevention, and for internal business purposes, such as analytics.
We also use online and technical information for personalization, to better understand our customers and prospective customers and to enhance our relationship information, including by associating you with different devices and browsers, and for online targeting and advertising purposes. |
Categories of Recipients | We may disclose this type of information to our service providers and contractors, and others such as companies that support our information technology and cybersecurity programs. We do not share precise geolocation data, but other Online and Technical Information may be shared with third parties as part of our online advertising programs. You can opt out of this sharing by exercising Your Privacy Choices. |
| |
Audio Visual Information | |
---|---|
Representative |
|
Sources | We collect this type of information from you and from publicly available sources, such as social media sites. We may also collect this information automatically, such as when we record calls to our call center and use CCTV cameras in our facilities. |
Primary Purposes for Collecting | We use this type of information for internal business purposes, such as call recordings used for training, quality control, and compliance. We also use these data for relationship purposes, such as use of photos and videos for social media purposes or sentiment analytics, and for security purposes and loss prevention. |
Categories of Recipients | We may disclose this type of information to our service providers and contractors that support our information technology, security, and loss prevention programs. |
| |
IoT Data | |
---|---|
Representative Data Elements |
|
Sources | We collect these data elements automatically when you use connected devices. |
Primary Purposes for Collecting | We use these data to enable customers to authenticate a device. We also use this data for compliance and risk management purposes. |
Categories of Recipients | We disclose this information to our customers, service providers, contractors and others, such as government agencies. |
| |
Inferred and Derived Information | |
---|---|
Representative |
|
Sources | We create inferred and derived data elements by analyzing other data, such as our relationship information, transactional information and online and technical information. |
Primary Purposes for Collecting | We combine inferred data with other relationship information and use this type of information to better understand you and to understand our customers generally, to design products, services and programs that appeal to our customers, including loyalty programs, to identify prospective customers and for internal business purposes, such as quality control, training and analytics. We use inferred data to improve our security and fraud detection models. |
Categories of Recipients | We disclose derived information to our service providers, contractors and others, such as management consulting firms and security firms. |
| |
Children's Data |
We do not knowingly collect, use or disclose any personal information of children under 16. |
|
Compliance Data | |
---|---|
Representative |
|
Sources | We collect compliance data from you and from our providers, contractors, and others, such as screening companies, investigators, legal advisors and government agencies. We may generate compliance records internally, such as when we document a workplace event. |
Primary Purposes for Collecting | We use compliance data for internal governance, corporate ethics programs, institutional risk management, reporting, demonstrating compliance and accountability externally, and as needed for litigation and defense of claims. |
Categories of Recipients | We disclose compliance to our service providers, contractors and others, such as auditors, investigators, lawyers, advisors, government agencies and others as required by law. |
| |
Please note that we may also use and disclose information about you that is not personally identifiable. For example, we may publish reports or create products that contain de-identified, aggregated or statistical data. These reports and products do not contain any information that would enable the recipient to contact, locate or identify you.
2
Your Privacy Rights and How to Exercise Them
Ping Identity respects your rights to access, correct and request erasure or restriction of your personal data as required by law. Depending on your country or state of residence, these rights may include:
- The right to be informed about our collection, use and disclosure of your personal information,
- The right to know if we maintain your personal information, and if we do, to access that information (subject to the rights of others) and to request that we provide your information in a portable format,
- The right to ask us to correct your information if it is incomplete or incorrect,
- The right to ask that we delete your personal information, and
- The right to object to our processing of your personal information, including the rights to object to:
- the sale of your personal information,
- the sharing or use of your personal information for certain types of online targeted advertising,
- the use of profiling or automated decision-making which might significantly affect you,
- if we are processing your personal information based on your consent, to withdraw your consent at any time.
To learn more about the specific rights that you have and to exercise your rights, please visit our privacy rights portal at Your Privacy Choices. You can also contact the Ping Identity Privacy Office at privacy@pingidentity.com.
Please understand that these rights are subject to some limitations. For example, we may require documentation to support certain corrections to your information, and we generally cannot restrict or delete personal information in those situations where our retention is required for our internal business purposes or to comply with law.
We will not retaliate against you if you exercise your privacy rights.
3
Analytics, Profiling and Automated Decision-Making
We may use analytics to understand how individuals interact with our products, websites and apps. These analytics products allow us to improve our products and give us insights for product development and personalization. We also use analytics for security and fraud prevention. Other than as described in our Career Center Privacy Statement, we do not use profiling or automated decision-making tools to make decisions that produce legal or similarly significant legal effects for you; any such decisions are subject to human review.
4
Information Security
We have an information security program that is reasonably designed to protect the confidentiality and security of all the personal information that is entrusted to us. Our security safeguards protect against unauthorized access, improper use, alteration, destruction or accidental loss. Our service providers and data processors are contractually required to implement appropriate security controls.
5
Data Retention
We will retain your personal information for as long as the information is needed for the purposes listed above and for any additional period that may be required or permitted by law, such as for business, legal, accounting, or reporting requirements. The length of time your personal information is retained depends on the purpose(s) for which it was collected, how it is used, and the requirements we have under applicable laws. If you would like us to delete your personal information, please see Your Privacy Choices for information about how to submit a deletion request. If we do not have a legal basis for retaining your information, we will delete it as required by applicable law.
6
International Transfers of Personal Information
Ping Identity is a global family of companies, headquartered in the United States. If you reside outside the US, your personal information may be processed or stored in the United States or other countries which may not have equivalent privacy or data protection laws. However, regardless of where your personal information is transferred, we will protect it in accordance with this Privacy Policy and applicable law.
Where required, we use approved Standard Contractual Clauses and other approved data transfer mechanisms to assure that personal data is adequately protected. Please contact the Ping Identity Privacy Office at privacy@pingidentity.com if you would like more information about cross-border transfers or to obtain a copy of any applicable Standard Contractual Clauses.
7
Our Commitment to Data Privacy Framework
Ping Identity complies with the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Ping Identity has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Ping Identity has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern To learn more about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/s/. To view our Data Privacy Framework certification, please visit https://www.dataprivacyframework.gov/s/participant-search.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Ping Identity commits to cooperate and comply, respectively, with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
The United States Federal Trade Commission has jurisdiction over Ping Identity’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Data Privacy Framework compliance not resolved by any of the other DPF mechanisms. See the link to Annex I of the DPF Principles for additional information: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2
Ping Identity may have liability in the case of onward transfers to third parties.
If you have an inquiry or a complaint regarding our Data Privacy Framework compliance program, please contact us via email to privacy@pingidentity.com. We will respond within 45 days.
Ping Identity may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
8
Information for Job Applicants and Staff
If you are a prospective, current, or former Ping Identity employee, your personal information is used for customary human resources purposes. Job applicants can read our Career Center Privacy Statement. You can also contact the Ping Identity Privacy Office at privacy@pingidentity.com for more information about our HR Privacy Program or visit our privacy rights portal at Your Privacy Choices to learn how to exercise your privacy rights.
9
Links to Other Websites
Our websites contain links to other websites for your convenience and information. We may also provide links that allow you to access and interact with other companies that are not affiliated with Ping Identity, such as our partners. When you intentionally interact with another company though these links, that company’s own policy will govern the personal information that you provide. We suggest you review each company’s privacy policies before you submit personal information to them. We are not responsible for the privacy practices of companies that are not affiliated with Ping Identity.
10
Updates to our Privacy Policy
We may update this Privacy Policy from time to time. We will post an alert online if the changes are material, and we will use good faith efforts to post these changes at least 30 days before they come into effect. If the changes will materially affect the way we use personal information that we have already collected, we will notify you.