Effective Date: 11/01/2017
Last Updated: 03/06/2020
This Privacy Statement describes the privacy practices of Sumo Logic, Inc. and its affiliates (“Sumo Logic”, “we” or “us”) and applies to the information we collect about you when you use our websites or cloud analytics solutions (collectively, the “Services”), or when you otherwise communicate with us. This statement does not apply to the information we process on behalf of our customers via our cloud analytics solutions (which is subject to our customer agreements), but it does apply to the information we collect about the individuals that use these solutions on behalf of our customers. Please refer to our Privacy Shield Notice for additional information on how we process on behalf of our customers via our cloud analytics solution.
We may change this Privacy Statement from time to time. If we make changes, we will notify you by revising the date at the top of this statement and, in cases where there are material changes we will provide you with additional notice (such as adding a statement to our website homepage or sending you a notification) prior to the changes becoming effective. We encourage you to review the Privacy Statement whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.
Collection of Information
Use of Information
Sharing of Information
Advertising and Analytics Services Provided by Others
Information for California residents
Individuals in the European Economic Area (EEA), Switzerland and UK
COLLECTION OF INFORMATION
Information You Provide to Us
We collect information when you register for an account, fill out a form or a survey, attend an event or training, post on our blog or Community forum, make a purchase, request customer support, access content (like a whitepaper), apply for a job, or otherwise communicate with us. The information you may provide includes your name and contact information (including email, phone and address), company information (including name and job title), social media handles, account username and password, payment method information, and any other information you choose to provide us.
Automatically Collected Information
When you use our Services, we collect the following information about you:
- Usage Information: we collect usage information, such as what pages of our websites you access, the screens or features of our cloud analytics solution you use, software or content you access, and other similar types of usage information.
- Log Information: We collect standard log files when you use our Services, which include the type of web browser you use, access times and dates, pages viewed, your IP address, and the page you visited before navigating to our websites.
- Information We Generate: We generate some information about you based on other information we have collected. For example, like many platforms, we use your IP address to derive the approximate location of your device. We also take notes and observations about the business contacts of our customers to help evaluate sales opportunities and about job applicants as part of our hiring process.
Information We Collect from Other Sources
We also obtain information about you from other sources. For instance, we receive information about contacts of potential customers through other sites that distribute our content or webinars, from data analytics and marketing services like Dun & Bradstreet and through refer-a-friend tools made available on our Services. This information includes your name, contact information (including email and phone), job title, and company.
USE OF INFORMATION
We use the information we collect to:
- Provide, maintain and improve our Services, and develop new products and services
- Process transactions and send you related information, including confirmations and invoices
- Evaluate sales leads and identify contacts for new customers
- Send you technical notices, security alerts, account notifications and other administrative messages
- Respond to your comments, questions, and customer service requests
- Communicate with you about content, services, and events offered by Sumo Logic and others, and provide news and information we think will be of interest to you
- Evaluate your application for employment and consider you for new positions
- Monitor and analyze trends, usage, and activities in connection with our Services
- Detect, investigate and prevent fraud or other illegal activities and protect the rights and property of Sumo Logic and others
- Personalize your online experience and the advertisements you see
- Facilitate contests and promotions and process and deliver entries and rewards
SHARING OF INFORMATION
We share information about you as follows or as otherwise described in this Privacy Statement:
- With companies and contractors that perform services for us, including email service providers, customer relationship management services, recruiting and applicant management services, and other service providers
- In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements
- If we believe your actions are inconsistent with our user agreements or policies, if we believe you have violated the law, or to protect the rights, property, and safety of Sumo Logic or others
- In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company
- Between and among Sumo Logic and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership for use consistent with this Privacy Statement
- With your consent or at your direction. For instance, if you publicly post on our blog or community forum, this information will be shared with the public and other forum participants
We also share aggregated or other information not subject to obligations under the data protection laws of your jurisdiction.
ADVERTISING AND ANALYTICS SERVICES PROVIDED BY OTHERS
Various browsers allow a “do not track” (DNT) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, there is no general agreement on how companies like Sumo Logic should interpret DNT signals. Therefore, Sumo Logic does not currently commit to respond to DNT signals, whether that signal is received on a computer or on a mobile device.
You may update certain account information you provide via our Services (such as your name and email address) by logging into your account, but note that we retain certain information when required or permitted by law.
You may opt out of receiving promotional emails or text messages from Sumo Logic by following the instructions in those emails or text messages. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
If you have any questions about this Privacy Statement, please contact us at: firstname.lastname@example.org, or by mail to:
Sumo Logic Inc.
c/o Legal Department
305 Main Street
Redwood City, CA 94063.
If you are in the European Economic Area (EEA), UK or Switzerland, you may also contact us at: email@example.com or by mail to:
c/o General Counsel
London, WC2B 6HN.
INFORMATION FOR CALIFORNIA RESIDENTS
This section provides additional disclosures required by the California Consumer Privacy Act (“CCPA”).
In the last 12 months, we collected the following categories of personal information: identifiers (such as name and contact information), professional or employment-related information and education history (such as for job applications or about potential and current customer contacts), internet or other electronic network activity information (such as browsing behavior), inferences (such as approximate location or product interests) and other personal information (such as payment method information). For more details about the personal information we collect, including the categories of sources, please see the “Collection of Information” section above. We collect this information for the business and commercial purposes described in the “Use of Information” section above. We share this information with the categories of third parties described in the “Sharing of Information” section above.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories and specific pieces of personal information, to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a rights request by contacting us at firstname.lastname@example.org.
INFORMATION FOR INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA (EEA), SWITZERLAND AND UK
The remaining sections of this statement apply to you if you use our Services while in the EEA, Switzerland or UK.
Legal Basis for Processing
When we process your personal data we will only do so in the following situations:
- As necessary to perform our responsibilities under our contract with you (like providing the products or services you have requested)
- When we have a legitimate interest in processing your personal data, including to communicate with you about changes to our Services, to help secure and improve our Services (including to prevent fraud) and to analyze use of our Services and potential sales leads
- As necessary to comply with our legal obligations
- When we have your consent to do so
Data Subject Requests
Subject to certain limits and conditions provided under law, you have the following rights:
- You have the right to access personal data we hold about you and to ask that your personal data be corrected, erased, or made available in a portable form.
- You also have the right to object to certain processing (like receiving direct marketing), or to request that we restrict processing in certain circumstances (like to retain but not further process pending resolution of a claim).
- If you provide consent to any of our processing activities, you may later withdraw that consent at any time.
- You have a right to file a complaint regarding our data protection practices with a supervisory authority. Please see this directory for contact details. If you are in Switzerland, please visit the FDPIC site for contact details.
If you would like to exercise any of these rights, you may contact us as indicated in the “Contact Us” section above.
We retain personal data no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time.
Sumo Logic processes and stores information in the U.S. and other countries, which may not provide equivalent levels of data protection as your home jurisdiction. For example, we transfer personal data to our corporate affiliates located in the United Kingdom, Poland, United States, Japan, India and Australia for the purposes described in this Privacy Statement. Transfers to Sumo Logic Inc. in the United States are pursuant to the Privacy Shield as discussed below. Transfers to other jurisdictions not deemed adequate by the European Commission are pursuant to Standard Contractual Clauses adopted by the European Commission, copies of which are available Here and Here.
Privacy Shield Notice
References to “we” or “us” in the following paragraph refer only to Sumo Logic Inc. We adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Framework Principles issued by the U.S. Department of Commerce (the “Principles”) in connection with our transfer of personal data to the United States that relates to individuals in the EEA, UK and Switzerland (“Covered Data”). We are committed to subjecting all personal data including Covered Data received from the EEA, UK and Switzerland in reliance on the Privacy Shield Framework and the Principles. For more information about the Principles and to view our certification, please visit the Department of Commerce’s Privacy Shield List at www.privacyshield.gov/list. You may contact us about any question or complaint regarding our adherence to the Principles as indicated in the ‘Contact Us’ section above or submit the form here https://www.sumologic.com/contact-us/. Under certain conditions specified by the Principles, you may also be able to invoke binding arbitration to resolve your complaint. We are subject to the investigatory and enforcement powers of the Federal Trade Commission. If we share Covered Data with a third-party service provider that processes the data solely on our behalf, then we will be liable for that party’s processing of Covered Data in violation of the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.