Effective: March 31, 2021
At SailPoint Technologies, Inc., we are committed to respecting your privacy. A reference in this Privacy Statement to “SailPoint”, “we”, “us”, or “our” is a reference to SailPoint Technologies, Inc., or, if applicable, its relevant affiliate carrying out the processing of your Personal Information. We recognize that when you choose to provide us with information about yourself, you trust us to act in a responsible manner and to protect and safely manage any personal information that you share with us. This Privacy Statement explains who we are, how we collect, share and use Personal Information we collect about you and how you can exercise your privacy rights.
“Personal Information” means any information that may be used to identify, relate to, describe, or that is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, household or device.
This Privacy Statement applies to all services described herein, regardless of whether offered by SailPoint or any of its affiliated companies, including services offered by Orkus, OverWatchID, Intello and ERP Maestro. With respect to Personal Information of our customers’ end users and employees collected in connection with our provision of software services to such customers (such data, “End User Data”), we are a “processor” or “service provider” for our customers. This Privacy Statement does NOT apply to such end users and employees or their potential rights. For more information about potential rights under applicable privacy laws with respect to End User Data, and to exercise such rights where applicable, please contact the party that is our customer.
If you have any questions or concerns about our use of your Personal Information, then please contact us using the contact details provided at the bottom of this Privacy Statement.
We recommend that you read this Privacy Statement in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Statement, then you can click on the relevant link below to jump to that section.
- What does SailPoint do?
- Collection, Use and Purpose Limitations of Your Information
- Disclosures, Sharing and Onward Transfers of Your Information
- Legal Basis for Processing Personal Information (EEA and Swiss visitors only)
- Data Retention
- Your Data Protection Rights and Choices
- California Residents’ Rights
- Privacy Policies of Third Party Services and Third Party Websites
- Change Management of Privacy Statement
- Children’s Personal Information Policy
- Contact Information
What does SailPoint do?
SailPoint is a provider of enterprise software, Applications, and services, headquartered in the United States.
For more information about SailPoint please see the “About” section of our Website at https://www.sailpoint.com/company.
What information do we collect?
When you interact with the Website, Applications, Services and Third Party Services, we collect two types of Personal Information from you:
- Personal Information, including name, user ID, image, email address, phone number, and professional information; and
- Device identifiable information, including your IP address, browser type and language, access times, pages visited, and referring website addresses.
If you make any payment through our Website or Applications, your credit card and other billing details may be gathered and stored with our trusted Payment Processors for the purpose of completing your purchases.
In the 12 months prior to the date of this Privacy Statement, we have collected the categories of Personal Information identified above and disclosed Personal Information as described in this Privacy Statement.
How is your information collected?
We collect Personal Information about you from a variety of sources, including directly or automatically from you, from third party sites and businesses, as well as from publicly available information.
Information you provide voluntarily:
Certain parts of our Website, Applications, Services and Third Party Services may ask you to provide Personal Information voluntarily. For example, we may collect personal identifiers such as your name, email address, and phone number, and professional information such as your occupation and place of employment in order to register an account with us, to make use of our Services or Applications, to subscribe to marketing communications from us, to engage with a member of our team regarding your use of our Services or Applications, or in submitting enquiries to us.
When you participate in, download, access, use, or sign up to receive Services, Applications, Third Party Services, activities or online content, such as email publications, blogs, newsletters, competitions, live chats, message boards, vote, or create an account using SailPoint’s online registration system (e.g., for Compass, Identity University, Support Portal or Third Party Services), SailPoint may receive Personal Information about you, including personal identifiers and professional information, that we use to provide our identity management and governance services to our business customers. In comments you post to blogs, competitions, live chats, or message boards, you may also voluntarily disclose additional categories of Personal Information, depending on the content of your posts.
Automatic Collection of Information:
When you use the IDN Extension, SailPoint may receive internet activity information, including data about your online browsing activity and the addresses of websites that you visit. This information is used to provide password replay functionality to you in connection with your use of the IDN Extension.
When you complete training or certification courses through SailPoint, we automatically record and retain results for our administrative and recordkeeping purposes.
When you access or use our Applications, we automatically collect mobile activity information about your use of the Applications, including crash logs and usage statistics, and about your mobile device and its interaction with the Applications, including the type of mobile device you use with the Applications, your wireless service carrier, your device ID and operating system, the type of mobile Internet browsers in use, and the location of your device including geo-location information.
SailPoint may also receive information from you via any blogs, forums, or comments pages that are maintained within the Website, Applications or Third Party Services. Note that if you provide any Personal Information via any such pages maintained or used for public comment, your information will be publicly available to any other User or Visitor.
- Identify you when you access, visit, or log-in to any Website. This enables you to re-visit any Website without having to re-enter information upon each visit.
- To note different areas of any Website which have recently been accessed through your computer. Information collected in this way may be used to develop and manage the online services of SailPoint by, for example, storing information about your preferences so as to enable SailPoint to customize any Website according to your individual interests.
- Delivering content on any Website which is relevant to your individual interest.
- Monitoring the effectiveness of any promotions or marketing campaigns by SailPoint or its Affiliates.
- Tracking your entries, submissions, and status in promotions, sweepstakes, and contests.
- Analyzing and improving Website security.
The Websites do not respond to “do not track” signals from browsers. Thus, your selection of the “do not track” option provided by your browser may not have any effect on our collection of cookie information for analytic and internal purposes. To effectively manage our collection of cookie information, you may set most browsers to notify you if you receive a cookie, or you may choose to block cookies through the settings associated with your browser. But, please note that if you choose to erase or block cookies, you will need to re-enter your original information (e.g., user name, password, or general contact info) to gain access to certain parts of the Websites and may not be able to access other parts of the Websites.
SailPoint may also use tracking technologies that record information such as Internet domain and host names; Internet protocol (IP) addresses; browser software and operating system types; clickstream patterns; and dates and times that any Website is accessed by Visitors. SailPoint may also analyze information for trends and statistics, such as through the use of Google Analytics or other similar analytics services.
For more information about cookies please see the “Cookie Notice” section of our Website at Cookie Notice.
Disclosures, Sharing and Onward Transfers of Your Information
Who does SailPoint share my Personal Information with?
We may disclose your Personal Information to the following categories of recipients:
- to our group companies, Affiliates, third party services providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website, Applications, Third Party Services or Services), or who otherwise process Personal Information for purposes that are described in this Privacy Statement or otherwise notified to you when we collect your Personal Information;
- to your employer or hiring entity, if you participated in training or received certification through your employer or hiring entity;
- to the third parties that provide the Third Party Services for the purposes described in this Privacy Statement and each third party’s privacy statement;
- to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights and property, or (iii) to protect your rights, property or safety or those of any other person;
- to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of assets or any part of our business; and
- to any other person with your consent to the disclosure.
Finally, we also share aggregated, anonymized or statistical information about you (and your use of our Websites, Services and Applications) with others for a variety of purposes, including to improve our products and services. Such information is not Personal Information and is not subject to the restrictions set forth in this Privacy Statement.
International data transfers
Your Personal Information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, our Website and Application servers are located in the United States, and our third party service providers and partners operate around the world. This means that when we collect your Personal Information we may process it in any of these countries.
However, we have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Privacy Statement.
Where Personal Information originates from the European Economic Area or Switzerland and is transferred to the United States, SailPoint agrees to comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, respectively. SailPoint makes an affirmative commitment to adhere to EU-U.S. and Swiss-U.S. Privacy Shield Principles (the “Privacy Shield Principles”). The U.S. subsidiaries of SailPoint Technologies, Inc., as listed here, also adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. With respect to such Personal Information, to the extent of any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles govern. More information on the EU-U.S. and Swiss-U.S. Privacy Shield programs can be found at https://www.privacyshield.gov.
In the context of an onward transfer, SailPoint has responsibility for processing Personal Information it receives under Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Where required by Privacy Shield, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process EEA and Swiss Personal Information in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third party agents or service providers who perform services on our behalf for their handling of EEA or Swiss Personal Data that we transfer to them.
On July 16, 2020, the Court of Justice of the European Union (CJEU) issued a judgment which made the EU-U.S. Privacy Shield Framework no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. Following the CJEU’s decision, the Swiss Federal Data Protection and Information Commissioner also concluded that the Swiss-U.S. Privacy Shield no longer provides a valid mechanism for the transfer of personal data from Switzerland to the United States. However, SailPoint continues to honor its commitments under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, along with reliance on alternative mechanisms to legitimize international personal data transfers from the European Union or Switzerland to the United States, such as by implementing standard contractual clauses.
Legal basis for processing Personal Information (EEA and Swiss visitors only)
If you are a User or Visitor from the European Economic Area or Switzerland, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
However, we will normally collect Personal Information from you only (i) where we need the Personal Information to perform a contract with you, (ii) where the processing is in our legitimate interests (e.g., responding to your requests and enquiries via our SailBot tool) and not overridden by your rights, or (iii) where we have your consent to do so.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided under the “Contact Information” heading below [Contact Information].
Wherever your Personal Information may be held within SailPoint or on its behalf, SailPoint takes reasonable and appropriate steps to protect the Personal Information that you share with us from unauthorized access or disclosure. SailPoint trains its employees on data handling practices. In addition, SailPoint and its business partners enter into confidentiality agreements which require that care and precautions be taken to prevent loss, misuse, or disclosure of your Personal Information.
However, while we attempt to ensure the integrity and security of Personal Information, please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, although SailPoint complies with its legal obligations in respect of the security of your personal data we cannot guarantee its absolute security.
We retain Personal Information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
Your data protection rights and choices
- If you wish to make a request to access, correct, update or delete your Personal Information, you can do so at any time by contacting us using the contact details provided under the “Contact Information” heading below [Contact Information]. If you are a California resident, see below for additional information.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Contact Information” heading below [Contact Information].
If you are a resident of the European Economic Area or Switzerland, you can also:
- object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contact Information” heading below [Contact Information].
- Similarly, if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
California Residents’ Rights
If you are a California resident whose information is covered by the California Consumer Privacy Act (the “CCPA”), you may have certain rights regarding Personal Information we may have collected about you, as described in this below.
Those rights include (a) the right to access specific pieces of Personal Information we have collected about you in the 12 months prior to receipt of a verified request, and (b) the right to know about the categories of Personal Information we collected about you, the categories of sources from which that information was collected, the purpose for collection, and/or the categories of Personal Information we have shared with third parties and the categories of those third parties, all within the 12 months preceding your verified request.
You may also have the right to request deletion of Personal Information we have collected about you that is covered by the CCPA, subject to various exceptions in the CCPA.
These rights to access, know about, or delete Personal Information do not apply to Personal Information we may have collected in the course of certain business-to-business transactions or in the human resources context, consistent with the CCPA.
We do not sell the Personal Information of California residents.
Submitting CCPA requests
You may submit a request for Personal Information consistent with this section by emailing us at [email protected] or 1-877-378-1220.
Depending on the nature of your request, we may ask you for information that we already have on file to verify your request and identity.
Please note that you may designate an agent to submit requests on your behalf. Any such agent will have to verify their identity and we will require separate verifiable confirmation from you that you have authorized the agent to act on your behalf.
We are committed to complying with the law. If you exercise any of the rights explained in this Privacy Statement, we will continue to treat you fairly.
We are a CCPA Service Provider
SailPoint primarily operates as a “service provider,” as that term is defined in the CCPA, for its customers. This means SailPoint primarily collects and/or processes Personal Information on behalf of its customers, for customers’ business purposes, pursuant to written agreements. As a service provider, we do not use, disclose or retain Personal Information collected in its capacity as a service provider other than is necessary to perform the services for its customers as described in their agreements.
If we receive a request to access, know about, or delete Personal Information we have collected in our capacity as a service provider, we will inform the requestor that we will not be responding because we are a service provider, and recommend you place your request directly to the business.
Privacy Policies of Third Party Services and Third Party Websites
Our Website, Applications, and Third Party Services may contain or reference links to non-SailPoint websites (including the websites of the providers of Third Party Services). SailPoint has no control over, and assumes no responsibility for, the content, privacy policies (if any), or practices of any third party website or any link contained in a third party website. The inclusion of a link within any Website, Applications, or Third Party Service does not imply any endorsement by or any affiliation with SailPoint. Access to any third party website is at your own risk, and you should be aware that third party websites may contain privacy policies that have terms that are different from that of this Privacy Statement.
In connection with your use of any Website, Applications, Service or Third Party Service, you may be made aware of services, products, articles, offers, and promotions provided by third parties, and not by us.
Finally, your use of Third Party Services may expose your data to the providers of such Third Party Services. The collection, use and retention of your data by such third parties is governed solely by such third parties’ respective privacy policies, and SailPoint has no control over how such third parties use your data.
Updates to the Privacy Statement
SailPoint may amend this Privacy Statement from time to time by posting a revised Privacy Statement on our Website. If SailPoint makes material changes to this Privacy Statement, SailPoint will endeavor to notify you of such changes (e.g., by email or an alert on any Website for a period of time). However, regularly reviewing this page is the best method to ensure you are always aware of the information SailPoint collects, how it is used and under what circumstances.
You can see when this Privacy Statement was last updated by checking the “last updated” date displayed at the top of this Privacy Statement.
Children’s Personal Information Policy
SailPoint does not knowingly solicit or sell any Personal Information from children under the age of 16. If SailPoint is made aware that SailPoint has collected Personal Information from a child under 16 years old in a manner that is inconsistent with the Children’s Online Privacy Protection Act of the United States, then SailPoint will delete this information as soon as practicable.
SailPoint is committed to ensuring that our communications, including our Website, are accessible to people with disabilities. Our Website is designed to meet recognized industry standards of accessibility. To make accessibility-related requests or report barriers, please contact us at 1-512-346-2000 or contact us at [email protected].
“Affiliates” refers to present or future companies that, directly or indirectly, through one or more intermediaries, control, are controlled by, or are under common control with SailPoint.
“Application(s)” refers to the mobile applications provided by SailPoint and its Affiliates.
“Compass” refers to the SailPoint Support Community website, and related materials.
“Identity University” refers to the Identity University website, and related materials.
“IDN Extension” refers to the SailPoint IdentityNow password replay web browser extension.
“Materials” refers to the software, courseware, toolkits, documentation and all other information, whether tangible or intangible, that SailPoint makes available on Identity University, Compass, or Support Portal.
“Services” refers to the services provided by SailPoint, including the SailBot function on the Website, the IDN Extension and those provided in connection with the Materials, as well as any other related education or training services provided by or through SailPoint via Identity University, Compass, or Support Portal. For clarity, Services does not include the software programs offered by SailPoint or its Affiliates to customers.
“Support Portal” refers to the product-idea and support-case portal for SailPoint customers and partners, http://support.sailpoint.com/ and related materials.
“Third Party Services” refers to third party data rooms, channels, and services provided by Slack, Inc., Smartsheet, Inc., Box, Inc, or other third party service providers that SailPoint may grant you access to, and use of, for the purposes of collaborating and sharing information with SailPoint.
“Users” refers to individuals who use the Services, Applications, or Third Party Services.
“Visitors” refers to individuals who visit a Website.
“Website” refers to the websites www.SailPoint.com, www.ERPMaestro.com, Intello.io, and all other related sub-domains, including, as applicable, Compass, Identity University and Support Portal, each of which includes text, media, documentation, pictures, and other content.
For disputes regarding SailPoint’s collection or use of your Personal Information or for more information, or questions or comments concerning the Privacy Statement, please contact SailPoint at:
SailPoint Technologies, Inc.
c/o Privacy Manager
11120 Four Points Drive, Suite 100
Austin, Texas 78726
You may also stop email messages and other promotional mailings by contacting SailPoint at the above address or email.
Our goal is to resolve all disputes through our internal processes. If you have a complaint regarding our collection, use, disclosure or retention of Personal Information originating from the European Economic Area or Switzerland that cannot be resolved through those processes, you may:
(1) submit the complaint to the relevant data protection authorities, EU Data Protection Authorities and Swiss Federal Data Protection and Information Commissioner (FDPIC) (“DPAs”);
(2) at no cost to you, resolve the complaint through JAMS using this link: https://www.jamsadr.com/eu-us-privacy-shield; or
(3) provide notice to SailPoint that you desire to resolve the complaint through binding arbitration. SailPoint is subject to the enforcement powers of the U.S. Federal Trade Commission. In the event that we or such authorities determine that we did not comply with this Privacy Statement, we will take appropriate steps to address any adverse effects and to promote future compliance.