Big News! Intello has joined the SailPoint crew

Read all about it

Privacy Policy

Effective Date: February 22nd, 2021

This Privacy Policy describes our policies and procedures related to the collection, use and disclosure of your information on www.intello.io (the “Site”) and through your use of the SailPoint SaaS Management services (collectively with the Site, the “Services”) provided by or on behalf of SailPoint Technologies, Inc., including through its affiliated entities (collectively, “SailPoint, “we”, “our” or “us”). We receive information about you from various sources, including: (i) if you or your employer register for the Site and the Services, through your or your employer’s account on the Services (your “Account”); (ii) your use of the Services generally; and (iii) from third party websites and services. When you use the Services, you are consenting to the collection, transfer, manipulation, storage, disclosure and other uses of your information as described in this Privacy Policy.

What Does This Privacy Policy Cover?

This Privacy Policy covers the treatment of information that may be used to identify, relate to, describe, or that is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household (“Personal Data”) gathered in connection with your use of the Services or your employer’s use of the Services. This Privacy Policy also covers our treatment of any Personal Data that our business partners share with us or that we share with our business partners.

This Privacy Policy does not apply to the practices of third parties that we do not own or control, including but not limited to any third party websites, services and applications (“Third Party Services”) that you elect to access through the Service or to individuals that we do not manage or employ. While we attempt to facilitate access only to those Third Party Services that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those Third Party Services. We encourage you to carefully review the privacy policies of any Third Party Services you access.

Transfers to the United States

The Services are hosted and operated in the United States (“U.S.”) through SailPoint and its service providers. By using the Services, you acknowledge that Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to SailPoint in the U.S. and will be hosted on U.S. servers, and you authorize SailPoint to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. as set forth herein, which consent may be withdrawn at any time.

If you are located in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data. SailPoint processes Personal Data of our customers’ end users and employees in connection with our provision of services to these customers, making us the processor of Personal Data and those customers the controllers of the Personal Data. For more information about your potential rights under the GDPR, and to exercise such rights where applicable, please contact the controller party in the first instance.

EU-U.S. Privacy Shield

SailPoint remains committed to the Principles of the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of Personal Data transferred from the EU. These Principles are (1) notice, (2) consent, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access and (7) recourse, enforcement and liability with respect to all Personal Data received from within the EU in reliance on the Privacy Shield. The Privacy Shield Principles require that we remain potentially liable if any third party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). SailPoint’s compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. For more information about the Privacy Shield Program, please visit  www.privacyshield.gov.

On July 16, 2020, the Court of Justice of the European Union (CJEU) issued a judgment which made the EU-U.S. Privacy Shield Framework no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. Following the CJEU Decision, the Swiss Federal Data Protection and Information Commissioner also concluded that the Swiss-U.S. Privacy Shield no longer provides a valid mechanism for the transfer of personal data from Switzerland to the United States. However, SailPoint continues to honor its commitments under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, along with reliance on alternative mechanisms to legitimize international personal data transfers from the European Union or Switzerland to the United States, such as by implementing standard contractual clauses and/or obtaining consent to such transfers.

Notice of What Information We Collect and How We Use It

What Information Do We Collect?

The information we gather enables us to provide, personalize, improve and continue to operate the Services. In connection with certain aspects of the Services, we may request, collect and/or display some of your Personal Data. We collect the following types of information from our users.

Account Information:

When you create an Account, you will provide information that could be Personal Data, such as your username, password and email address. Additionally, if you register for or access the Services using a Third Party Service (such as your Google Apps account login credentials), we may receive Personal Data that you have made available to share through such Third Party Service, which may include, without limitation, your user ID, email, name, and image. We may use your contact information to send you information about our Services. You may unsubscribe from some of these messages through your Account settings, although we reserve the right to continue contacting you when we believe it is necessary, such as for account recovery purposes.

Usage Data

The Services collects data about your computer usage (“Usage Data”) and also integrates with Third Party Services, including your browser and other software applications, that collect Usage Data. For example, browser plug-ins may record your IP address and browsing history, and APIs may record information about how you use our Services and various Third Party Services. This information may be Personal Data or may be linked to your Account or other Personal Data like your name. We use Usage Data for reasons such as to provide the Services to your employer, to generate Aggregate Information (as defined below), and to improve our Services.

User Content:

Some features of the Services allow you to provide content to the Services, such as written comments. All content submitted by you to the Services may be retained by us indefinitely, even after you terminate your account. We may continue to disclose such content to third parties in a manner that does not reveal Personal Data.

IP Address Information and Other Information Collected Automatically:

In addition to the Usage Data described above, we may collect the following types of information from visitors to our website, including through the use of cookies:

  • We automatically receive and record information from your web browser when you interact with the Services, including your IP address and cookie information. This information is used for fighting spam/malware and also to facilitate collection of data concerning your interaction with the Services (e.g., what links you have clicked on).
  • Generally, the Services automatically collect usage information, such as the number and frequency of visitors to the Site. We may also use this data in aggregate form. This type of data enables us and third parties authorized by us to figure out how often individuals use parts of the Services so that we can analyze and improve them.
  • We may collect some device-specific information if you access the Services using a mobile device. Device information may include but is not limited to unique device identifiers, network information, and hardware model, as well as information about how the device interacts with our Services.

Stripe

SailPoint uses Stripe, Inc. (“Stripe”) to collect and process personal financial information from visitors and users such as name, phone number, address, zip postal code, and credit card or bank account information for the purposes of allowing visitors and users to purchase various items, including the Services. If you make any payment through the Services, your credit card and other billing details may be gathered and stored with Stripe for the purpose of completing your purchases. SailPoint does not store your credit card or billing details, and such details cannot be accessed by SailPoint’s staff. In addition, to enable Stripe to invoice for the Services, Stripe receives access to certain financial information related to Accounts. You should review Stripe’s own privacy policy to ensure you are comfortable with their privacy practices before providing any credit card information. SailPoint contractually requires Stripe to stay compliant with the Payment Card Industry Data Security Standards, as well as all applicable local, state, national and international laws and regulations related to the services provided by Stripe.

Email Communications:

We may receive a confirmation when you open an email from us. We use this confirmation to improve our customer service.

Cookies

  • Cookies are pieces of text that may be provided to your computer through your web browser when you access a website. Your browser stores cookies in a manner associated with each website you visit. We use cookies to enable our servers to recognize your web browser and tell us how and when you visit the Site and otherwise use the Services through the Internet. Cookies can either be “session cookies” or “persistent cookies”. Session cookies are temporary cookies that are stored on your device while you are visiting our Site or using our Services, whereas “persistent cookies” are stored on your device for a period of time after you leave a site. For more information on cookies, including how to control your cookie settings and preferences, visit  http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm,  https://ico.org.uk/for-the-public/online/cookies/, and  http://www.allaboutcookies.org/.
  • We use cookies to identify that your web browser has accessed aspects of the Services and may associate that information with your Account if you have one. The Services use the following cookies:

    • Essential Cookies. Essential cookies are required for providing you features or services that you have requested. For example, certain cookies enable you to log into secure areas of our Site. Disabling these cookies may make certain features and services unavailable.
    • Functionality Cookies. Functional cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These cookies help us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
    • Performance/Analytical Cookies. Performance/analytical cookies allow us to understand how visitors use our Site and Services such as by collecting information about the number of visitors to the Site, what pages visitors view on our Site, and how long visitors are viewing pages on the Site. Performance/analytical cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising.
    • Retargeting/Advertising Cookies. Retargeting/advertising cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you.
  • Most browsers automatically accept cookies but have an option for blocking or deleting cookies, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. You can usually access these options through the “Settings” or similar menu in your browser. For more information about cookies, including how to see what cookies have been set and how to manage and delete cookies, visit  http://www.aboutcookies.org/ or  http://www.allaboutcookies.org/. Please note that if you block or delete cookies, some portions of the Services may not work properly. In some cases, cookies may enable us to aggregate certain information with other Personal Data we collect and hold about you.
  • Some cookies are placed by a third party on your device and may provide information to us and third parties about your browsing habits (such as your visits to our Services, the pages you have visited and the links and advertisements you have clicked). These cookies can be used to determine whether certain third party services are being used, to identify your interests, to retarget advertisements to you and to serve advertisements to you that we or others believe are relevant to you. This Privacy Policy covers our use of cookies only and does not cover the use of cookies by third parties. We do not control when or how third parties place cookies on your computer. For example, third party websites to which a link points may set cookies on your computer.
  • SailPoint may also use tracking technologies that record information such as Internet domain and host names; Internet protocol (IP) addresses; browser software and operating system types; clickstream patterns; and dates and times that any Site is accessed by visitors. SailPoint may also analyze information for trends and statistics, such as through the use of Google Analytics or other similar analytics services.

Aggregate Information

Services and their computers (“Aggregate Information”). Some of this information is derived from Personal Data and Usage Data, but as part of Aggregate Information it is not Personal Data and cannot be tied back to you, your Account or your web browser.

Legal basis for processing Personal Data (EEA and Swiss visitors only)

If you are a user or visitor from the European Economic Area or Switzerland, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from you only (i) where we need the Personal Data to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided below.

How, and With Whom, is My Information Shared?

The Services are designed to share your Usage Data with your employer. As a result, some of the information generated through the Services is shared with your employer.

Usage Data

Your Usage Data may be connected with your Personal Data and shared with your employer.

IP Address Information:

While we collect and store IP address information, that information is not made public. We do at times, however, share this information with our partners, service providers and other persons with whom we conduct business, and as otherwise specified in this Privacy Policy.

Information You Elect to Share:

You may access other Third Party Services through the Services, for example by clicking on links to those Third Party Services from within the Site. We are not responsible for the privacy policies and/or practices of these Third Party Services, and you are responsible for reading and understanding those Third Party Services’ privacy policies. This Privacy Policy only governs information collected on the Services.

Aggregate Information:

We share Aggregate Information with our partners, service providers and other persons with whom we conduct business. We share this Aggregate Information so that our partners can understand how and how often people use our Services and their services or websites, which facilitates improving both their services and how our Services interface with them.

User Profile Information:

User profile information including your username and other information you enter may be displayed to other users to facilitate user interaction within the Services. Your account and profile information may also be shared with your employer.

Information Shared with Our Service Providers:

We employ and contract with people and other entities that perform certain tasks on our behalf (our “Service Providers”). We may need to share Personal Data with our Service Providers in order to provide products or services to you. Unless we tell you differently, our Service Providers do not have any right to use Personal Data or other information we share except in connection with their services to us. You hereby consent to our sharing of Personal Data with our Service Providers.

Information Disclosed Pursuant to Business Transfers:

In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Data as set forth in this policy.

Affiliates

We may share your Personal Data to present or future companies that, directly or indirectly, through one or more intermediaries, control, are controlled by, or are under common control with SailPoint (“Affiliates”). Your information may also be transferred to one of our Affiliates in connection with any reorganization or consolidation with such Affiliates.

Information Disclosed for Our Protection and the Protection of Others:

We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) respond to lawful requests by public authorities, including to meet national security or law enforcement requirements, (iii) enforce this Privacy Policy or any other agreement in place between you and/or your employer, on the one hand, and SailPoint or one of its Affiliates on the other, including in the investigation of potential violations hereof and thereof, (iv) detect, prevent, or otherwise address fraud, security or technical issues, (v) respond to user support requests, or (vi) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

Information We Share With Your Consent:

Except as set forth above, you will be notified when your Personal Data may be shared with third parties, and will be able to prevent the sharing of this information.

Is Information About Me Secure?

Your Account information will be protected by a password for your privacy and security. It is your responsibility to prevent unauthorized access to your Account and Personal Data by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your Account. If your password is compromised, you agree to notify as promptly as is practicable.

We seek to protect Account information and take commercially reasonable steps to ensure that it is kept private; however, we cannot guarantee the security of any Account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

We otherwise store all of our information, including your IP address information, using industry-standard techniques. We do not guarantee or warrant that such techniques will prevent unauthorized access to information about you that we store, Personal Data or otherwise.

What Information of Mine Can I Access?

You can access certain information associated with your Account by logging into the Services.

How Can I Delete My Account?

Should you ever wish to delete your Account, please contact your employer.

Data retention

We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the Services or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

For clarity, SailPoint may retain, without restriction, all Aggregate Information and user content that does not contain Personal Data.

What Choices Do I Have Regarding My Information?

  • You can request that your employer deletes your Account. If your employer deletes your Account, it would limit the use and disclosure of your Personal Data, and any association between your Account and information we store will no longer be accessible through your Account. However, given the nature of sharing on the Services, any activity on your Account prior to deletion will remain stored on our servers and will remain accessible.
  • You can opt not to disclose certain information to us, but please note that certain information may be needed to take advantage of some of our features.
  • You may manage the sharing of certain Personal Data when you register with us through a Third Party Service, such as by using your Google Apps account login credentials. Please refer to the privacy settings of the Third Party Service to determine how you may adjust our permissions and manage the interactivity between the Services and the Third Party Service.
  • You can opt-out of certain cookies and tracking technologies by following the steps set forth in the section titled “IP Address Information and Other Information Collected Automatically” above.
  • Your browser may offer you a “Do Not Track” or “DNT” option, which allows you to signal to operators of websites, and web applications, and services that you do not wish such operators to track certain of your online activities over time and across different websites. The Services do not support Do Not Track requests at this time, which means that we may collect information about your online activity both while you are using the Services and after you leave our properties. This is just our Do Not Track policy, and we can’t and don’t make any promises about how third parties react when you set this signal on your browser.
  • If you wish to make a request to access, correct, update or delete your Personal Data, you can do so at any time by contacting us using the contact details provided below.  If you are a California resident or a resident of the European Economic Area or Switzerland, see below for additional information.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided below.

If you are a resident of the European Economic Area or Switzerland, you can also:

  • Object to processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data. Again, you can exercise these rights by contacting us using the contact details provided below.
  • Similarly, if we have collected and process your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Your California Privacy Rights

If you are a California resident whose Personal Data is covered by the California Consumer Privacy Act (the “CCPA”), you may have certain rights regarding Personal Data we may have collected about you, as described in this below.

Those rights include (a) the right to access specific pieces of Personal Data we have collected about you in the 12 months prior to receipt of a verified request, and (b) the right to know about the categories of Personal Data we collected about you, the categories of sources from which that information was collected, the purpose for collection, and/or the categories of Personal Data we have shared with third parties and the categories of those third parties, all within the 12 months preceding your verified request. 

You may also have the right to request deletion of Personal Data we have collected about you that is covered by the CCPA, subject to various exceptions in the CCPA. 

These rights to access, know about, or delete Personal Data do not apply to Personal Data we may have collected in the course of certain business-to-business transactions or in the human resources context, consistent with the CCPA.  

We do not sell the Personal Data of California residents.

Submitting CCPA requests

You may submit a request for Personal Data consistent with this section by emailing us at  [email protected] or 1-877-378-1220.

Depending on the nature of your request, we may ask you for information to verify your request and identity. 

Please note that you may designate an agent to submit requests on your behalf.  Any such agent will have to verify their identity and we will require separate verifiable confirmation from you that you have authorized the agent to act on your behalf.  

Non-discrimination

We are committed to complying with the law. If you exercise any of the rights explained in this Privacy Policy, we will continue to treat you fairly.

We are a CCPA Service Provider

SailPoint primarily operates as a “service provider,” as that term is defined in the CCPA, for its customers.  This means SailPoint primarily collects and/or processes Personal Data on behalf of its customers, for customers’ business purposes, pursuant to written agreements.  As a service provider, we do not use, disclose or retain Personal Data collected in its capacity as a service provider other than is necessary to perform the services for its customers as described in their agreements. 

If we receive a request to access, know about, or delete Personal Data we have collected in our capacity as a service provider, we will inform the requestor that we will not be responding because we are a service provider, and recommend you place your request directly to the business. 

Shine the Light

Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the address set forth below under “Contact Information.”

What Happens When There Are Changes to this Privacy Policy?

We may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes in the way we collect or use information, we will notify you by posting an announcement on the Services or sending you an email. A user is bound by any changes to the Privacy Policy when he or she uses the Services after such changes have been first posted.

Children’s Personal Data Policy

SailPoint does not knowingly solicit or sell any Personal Data from children under the age of 16. If SailPoint is made aware that SailPoint has collected Personal Data from a child under 16 years old in a manner that is inconsistent with the Children’s Online Privacy Protection Act of the United States, then SailPoint will delete this information as soon as practicable.

Contact Information

For disputes regarding SailPoint’s collection or use of your Personal Data or for more information, or questions or comments concerning this Privacy Policy, please contact us at:

SailPoint Technologies, Inc.
c/o Privacy Manager
11120 Four Points Dr.
Suite 100
Austin, Texas 78726
USA

[email protected]

You may also stop email messages and other promotional mailings by contacting us at the above address or email.

Our goal is to resolve all disputes through our internal processes. If you have a complaint regarding our collection, use, disclosure or retention of Personal Data originating from the European Economic Area or Switzerland that cannot be resolved through those processes, you may:

(1) submit the complaint to the relevant data protection authorities, EU Data Protection Authorities and Swiss Federal Data Protection and Information Commissioner (FDPIC) (“DPAs”);

(2) at no cost to you, resolve the complaint through JAMS using this link:  https://www.jamsadr.com/eu-us-privacy-shield; or

(3) provide notice to SailPoint that you desire to resolve the complaint through binding arbitration. SailPoint is subject to the enforcement powers of the U.S. Federal Trade Commission. In the event that we or such authorities determine that we did not comply with this Privacy Policy, we will take appropriate steps to address any adverse effects and to promote future compliance.

Join today and unlock SaaS insight

Free 14-day Trial – No credit card required