Privacy Shield Notice for Customer Data

Last Updated: 09/24/2019

This Privacy Shield Notice for Customer Data applies to personal data transferred from the European Economic Area (EEA), UK or Switzerland to the United States that Sumo Logic, Inc. (“Sumo Logic” “we,” or “us”) processes on behalf of its customers via its cloud analytics solutions (“Customer Data”). We process Customer Data as a processor pursuant to our customer agreements. For information regarding the personal data we collect about the business contacts of our customers or other users of its websites, please refer to our Privacy Statement.

Certification

We adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Framework Principles issued by the U.S. Department of Commerce (the “Principles”) in connection with our processing of Customer Data. For more information about the Principles and to view our certification, please visit the Department of Commerce’s Privacy Shield website, available at www.privacyshield.gov. We are subject to the investigatory and enforcement powers of the Federal Trade Commission.

Customer Data Types and Use

The types of Customer Data that we collect varies depending on the type of service used by our customers and the specific configurations deployed by our customers. For instance, our customer may transmit various types of logs (or computer-generated records) that may include personal data relating to their end users, employees or other individuals. We use Customer Data to provide our services to our customers and as otherwise authorized by our customers in our customer agreements.

Disclosure of Customer Data

We may use third-party processors, including cloud infrastructure providers, to process Customer Data. If we share Customer Data with a third-party processor, then we will be liable for that party’s processing of Customer Data in violation of the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.

We may also be required to disclose Customer Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Rights and Choices of Data Subjects

Individuals in the EEA, UK and Switzerland have the right to access personal data processed about them. Since we are a processor of Customer Data, it is our policy to direct inquiries regarding the exercise of rights (including access rights) and choices related to Customer Data directly to our customers.

Inquiries or Complaints

You may contact us at privacy@sumologic.com about any question or complaint regarding our adherence to the Principles.

If we do not resolve your complaint, you may submit your complaint free of charge to TRUSTe, our designated Privacy Shield independent dispute resolution provider, at https://feedback-form.truste.com/watchdog/request. Under certain conditions specified by the Principles, you may also be able to invoke binding arbitration to resolve your complaint.