Last Updated: 03/06/2020
This Privacy Shield Notice for Customer Data applies to personal data transferred from the European Economic Area (EEA), UK or Switzerland to the United States that Sumo Logic, Inc. (“Sumo Logic” “we,” or “us”) processes on behalf of its customers via its cloud analytics solutions (“Customer Data”). We process Customer Data as a processor pursuant to our customer agreements. For information regarding the personal data we collect about the business contacts of our customers or other users of its websites, please refer to our Privacy Statement.
We adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Framework Principles issued by the U.S. Department of Commerce (the “Principles”) in connection with our processing of Customer Data. We are committed to subjecting all personal data including Customer Data received from the EEA, UK and Switzerland in reliance on the Privacy Shield Framework and the Principles. For more information about the Principles and to view our certification, please visit the Department of Commerce’s Privacy Shield List, available at www.privacyshield.gov/list. We are subject to the investigatory and enforcement powers of the Federal Trade Commission.
Customer Data Types and Use
The types of Customer Data that we collect varies depending on the type of service used by our customers and the specific configurations deployed by our customers. For instance, our customer may transmit various types of logs (or computer-generated records) that may include personal data relating to their end users, employees or other individuals. We use Customer Data to provide our services to our customers and as otherwise authorized by our customers in our customer agreements.
Disclosure of Customer Data
We may use third-party processors, including cloud infrastructure providers, to process Customer Data. If we share Customer Data with a third-party processor, then we will be liable for that party’s processing of Customer Data in violation of the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.
We may also be required to disclose Customer Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Rights and Choices of Data Subjects
Individuals in the EEA, UK and Switzerland have the right to access personal data processed about them. Since we are a processor of Customer Data, it is our policy to direct inquiries regarding the exercise of rights (including access rights) and choices related to Customer Data directly to our customers.
Inquiries or Complaints
If you have any questions or complaints about this Notice or our adherence to the Principles, please contact us at: email@example.com, or by mail to:
Sumo Logic Inc.
c/o Legal Department
305 Main Street
Redwood City, CA 94063.
If you are in the European Economic Area (EEA), UK or Switzerland, you may also contact us at: firstname.lastname@example.org or by mail to:
Sumo Logic Limited,
c/o General Counsel
London, WC2B 6HN.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.