Evaluate your SIEM
Get the guideEffective Date: 12/13/2023
Last Updated: 12/13/2023
This Privacy Statement describes the privacy practices of Sumo Logic, Inc. and its affiliates (“Sumo Logic”, “we” or “us”) and applies to the information we collect about you when you use our websites or online services (collectively, the “Services”), or when you otherwise communicate with us.
This Privacy Statement applies to the information we collect about potential workforce candidates, including information you provide to us when applying for a job via our careers site. It does not apply to the information we collect about our employees or independent contractors. It also does not apply to the information we process on behalf of our customers via our cloud analytics solutions (which is subject to our customer agreements), but it does apply to the information we collect about the individuals that use these solutions on behalf of our customers.
We may change this Privacy Statement from time to time. If we make changes, we will notify you by revising the date at the top of this statement and, in cases where there are material changes, we will provide you with additional notice (such as adding a statement within our Services or sending you a notification) prior to the changes becoming effective. We encourage you to review this Privacy Statement whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.
Please note that our Services are designed for enterprise customers, and the personal information we collect under this Privacy Statement is typically collected in a commercial or employment context. As a result, many U.S. state privacy laws do not apply to personal information we process under this Privacy Statement.
CONTENTS
Collection of Information
Use of Information
Disclosure of Information
Advertising and Analytics
Your Choices and Rights
Contact Us
Information for California residents
Individuals in the European Economic Area (EEA), Switzerland and UK
COLLECTION OF INFORMATION
Information You Provide to Us
We collect information when you register for an account, fill out a form or a survey, attend an event or training, post on our blog or Community forum, make a purchase, request customer support, access content on our Services (like a whitepaper), apply for a job, or otherwise communicate with us. The information you may provide includes your name and contact information (including email, phone and address), company information (including name and job title), social media handles, account username and password, payment method information, and any other information you choose to provide us.
If you apply for a position to work with us, information you provide may also include: additional government-issued identifiers (e.g., Social Security number); eligibility to work information (e.g., citizenship, work authorization status and visa application information); demographic information (e.g., age, gender, marital status, ethnicity, sexual orientation, veteran status and disability status); professional information (e.g., resume, cover letter, information shared during an interview, results of an assessment, employment history, current salary); education information (e.g., schools attended, degree information and dates of graduation); health-related information (e.g., disability information or information related to symptoms of, or risk of exposure to, certain illnesses, including contact with others who may be sick or relevant travel history); and profile photo.
Automatically Collected Information
When you use our Services, we collect the following information about you:
- Usage Information: we collect usage information, such as what pages of our websites you access, the screens or features of our cloud analytics solution you use, software or content you access, and other similar types of usage information.
- Log Information: We collect standard log files when you use our Services, which include the type of web browser you use, access times and dates, pages viewed, your IP address, and the page you visited before navigating to our websites.
- Information Collected by Cookies and Similar Tracking Technologies: For information about cookies and other tracking technologies we use, and options to disable them, please see our Cookie Policy.
Information We Generate
We generate some information about you based on other information we have collected. For example, like many platforms, we use your IP address to derive the approximate location of your device. We also take notes and observations about the business contacts of our customers to help evaluate sales opportunities and about job applicants as part of our hiring process. Please note that this data may contain the personal information of other individuals (such as Sumo Logic employees providing those notes).
Information We Collect from Other Sources
We also obtain information about you from third-party sources. For instance, we receive information about contacts of potential customers through other sites that distribute our content or webinars, from data analytics and marketing services and through refer-a-friend tools made available on our Services. This information may include name, contact information (including email and phone), job title, and company.
If you apply for a job with us, we may also receive information from your named references, persons who referred you for a position, background check providers (where applicable), recruiting agencies, third-party recruitment sources and websites, and publicly available sources (such as your LinkedIn profile).
Sensitive Personal Information
Some of the information we collect in connection with applications for employment includes sensitive personal information, as that term is defined by applicable data protection law. We collect sensitive personal information only for limited purposes permitted by law, such as to accommodate a disability or illness, comply with legal obligations, protect the health and safety of our employees, and facilitate internal programs relating to diversity, equity, inclusion, and anti-discrimination.
USE OF INFORMATION
We use the information we collect to:
- Provide, maintain and improve our Services, and develop new products and services
- Process transactions and send you related information, including confirmations and invoices
- Evaluate sales leads and identify contacts for new customers
- Send you technical notices, security alerts, account notifications and other administrative messages
- Respond to your comments, questions, and customer service requests
- Communicate with you about content, services, and events offered by Sumo Logic and others, and provide news and information we think will be of interest to you
- Evaluate your application for employment, consider you for new positions, communicate with you during the recruitment process, and improve our recruitment practices;
- Monitor and analyze trends, usage, and activities in connection with our Services
- Detect, investigate and prevent security incidents or other malicious, deceptive, fraudulent, or illegal activities and protect the rights, health, safety and property of Sumo Logic and others
- Personalize your online experience and the advertisements you see
- Facilitate contests and promotions as well as other giveaways and process and deliver entries and rewards
- For legal and compliance purposes, such as to detect, investigate, and activities that are illegal or violate our policies, exercise a legal claim, and comply with applicable laws and regulations.
DISCLOSURE OF INFORMATION
We disclose information about you as follows or as otherwise described in this Privacy Statement:
- With vendors, professional advisors, and contractors that perform services for us, including web hosting, email services, customer relationship management, payment processing, fraud prevention, reporting and analytics, marketing and advertising, recruiting and applicant management services, relocation support, verification/background checking services and other services
- In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements
- If we believe your actions are inconsistent with our user agreements or policies, if we believe you have violated the law, or to protect the rights, property, and safety of Sumo Logic or others
- In connection with, or during negotiations of any merger, sale of company assets, reorganization, financing or acquisition of all or a portion of our business by another company or similar corporate transactions
- Between and among Sumo Logic and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership for use consistent with this Privacy Statement
- With your consent or at your direction. For instance, if you publicly post on our blog or community forum, this information will be shared with the public and other forum participants
We may also disclose aggregated, anonymous or, where permitted by law, de-identified information that cannot reasonably be used to identify you. We will not attempt to re-identify such information, except as permitted by law.
ADVERTISING AND ANALYTICS
We engage others to provide analytics services, serve advertisements, and perform related services on our behalf across other websites and online services. We and these companies use cookies, web beacons, and other technologies to collect information about your use of the Services and other websites and online services, including your IP address, device identifiers, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by Sumo Logic and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites, and better understand your online activity. Some of the activities described in this section may constitute “targeted advertising,” “sharing,” or “selling” under certain laws. To learn more about the choices available to you with respect to these practices, see below.
For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info. If you are in a country in the European Economic Area (EEA), Switzerland or the UK please visit www.youronlinechoices.eu/.
Various browsers allow a “do not track” (DNT) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, there is no general agreement on how companies like Sumo Logic should interpret DNT signals. Therefore, Sumo Logic does not currently commit to respond to DNT signals, whether that signal is received on a computer or on a mobile device.
YOUR CHOICES AND RIGHTS
Depending on your jurisdiction and subject to certain limitations, you have the following rights with respect to the personal information we process about you:
- Request a copy of the personal information we hold about you (including as necessary to support your right of data portability)
- Request to know information about the categories of personal information we process about you
- Request that we correct your data
- Request that your data be deleted
- Withdraw consent for any processing where we have requested your consent
- To not be discriminated against for exercising these rights
If you would like to exercise any of these rights, you may submit your request by writing us at delete-my-data@sumologic.com We may verify your request by asking you to provide certain information that matches information we have on file about you.
Opting Out of Targeted Advertising, Sharing, and Sales
As described in the Advertising and Analytics section above, we process personal information to understand and improve your experience with our Services and to serve you advertisements on other properties. Some of these activities may be considered “sales” or “sharing” of your personal information or “targeted advertising” under certain privacy laws.
Depending on where you reside, you may have the right to opt out of targeted advertising, sharing, and sales of your personal information. You can do so by following the prompts here.
Account Information
You may update certain account information you provide via our Services (such as your name and email address) by logging into your account, but note that we retain certain information when required or permitted by law.
Promotional Communications
You may opt out of receiving promotional emails or text messages from Sumo Logic by following the instructions in those emails or text messages. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
CONTACT US
If you have any questions about this Privacy Statement, please contact us at: privacy@sumologic.com, or by mail to:
Sumo Logic Inc.
c/o Legal Department
855 Main St., Suite 100
Redwood City, CA 94063
If you are in the European Economic Area (EEA), UK or Switzerland, you may also contact us at: emea-privacy@sumologic.com or by mail to:
Sumo Logic Italy
Via Mecenate 78/A
20138 Milano
(MI) Italy
INFORMATION FOR CALIFORNIA RESIDENTS
This section provides additional disclosures required by the California Consumer Privacy Act (“CCPA”). If you reside in California, this section applies to you and describes our data practices today and in the preceding 12 months.
In the last 12 months, we collected the following categories of personal information: identifiers (such as name and contact information), professional or employment-related information and education history (such as for job applications or about potential and current customer contacts), internet or other electronic network activity information (such as browsing behavior), inferences (such as approximate location, product interests or interview notes and observations), characteristics of protected classifications under state or U.S. federal law (such as gender), audio or visual information (such as video recordings from interviews), sensitive personal information (such as government-issued ID numbers, or racial or ethnic origin) and transaction information (such as payment method information). For more details about the personal information we collect, including the categories of sources, please see the “Collection of Information” section above. We collect this information for the business and commercial purposes described in the “Use of Information” section above. We do not use or disclose your sensitive personal information for purposes other than those expressly permitted by California law.
In the last 12 months, we have disclosed information for the business and commercial purposes described in the “Disclosure of Information” section above. Below is a summary of those practices:
CATEGORIES OF PERSONAL INFORMATION |
CATEGORIES OF RECIPIENTS WITH WHOM INFORMATION MAY BE SHARED |
|
|
We offer various financial incentives. These may benefit business contacts who sign up to receive our marketing emails or submit helpful information to Sumo Logic, or respond by providing personal information in the course of a Sumo Logic giveaway or other special happenings. For example, we may provide branded Sumo Logic gear to survey participants, gift boxes for customers attending events, free add-ons to our Services for joining a promotion, or a limited discount for new customers. When you participate in a financial incentive, we collect personal information from you, such as identifiers like your name and email address. You can opt into a financial incentive by following the sign-up instructions for that financial incentive, and for any ongoing benefits you have the ability to opt-out of the incentive at any time such as by following the unsubscribe instructions in our promotional emails. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up. The value of your personal information is reasonably related to the value of what is presented to you.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories and specific pieces of personal information, to delete their personal information, to correct information held about you which is inaccurate or incomplete, to opt out of certain uses of sensitive personal information (should that become applicable to our processing), and to not be discriminated against for exercising these rights. To request access, correction, or deletion of your personal information, submit your request to delete-my-data@sumologic.com.
California Consumers also have the right to opt out of sharing, and sales of personal information. As described in the “Advertising and Analytics” section above, we work with third parties (including advertising partners and social media platforms) to serve you personalized ads on other websites and services based on the identifiers and electronic network activity information they receive through our Services. Some of these activities may be considered “sales” or “sharing” of your personal information. We “sell” or “share” the following categories of personal information with the following categories of recipients:
CATEGORIES OF PERSONAL INFORMATION |
CATEGORIES OF THIRD PARTIES |
|
|
We do not knowingly sell or share personal information about consumers under the age of 16.
California consumers can opt out of “sales” and “sharing” by clicking here. You can also opt out by visiting our Services with a legally-recognized universal choice signal enabled (such as the Global Privacy Control). Please note that, depending on which legally-recognized opt-out preference signal you use and whether you are logged into your account with us, our processing of the signal may be limited to the specific browser or device that you are using. You may need to renew your opt-out choice if you use a different browser or device to access our Services, or if you clear your cookies.
We will verify your request by asking you to provide information that matches information we have on file about you. You can also designate an authorized agent to exercise these rights on their behalf. Authorized agents should submit requests through the same channels, but we will require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly.
The length of time we retain your personal information depends on the status of our relationship with you and the requirements of applicable law. To determine that period, we take into account a number of factors, including our legal and regulatory obligations (such as financial reporting obligations and equal opportunity or anti-discrimination reporting obligations) and whether we may need to retain personal information to resolve disputes, make and defend legal claims, conduct audits, pursue legitimate business purposes, and/or enforce our agreements. For example, if you apply for a position and are not selected for a role, we may keep your application information, including any relevant personal information, to allow us to consider you for other career opportunities with us and provided that, if required by applicable laws, we obtained your prior consent for such longer retention of your personal information.
We will not discriminate or retaliate against you for exercising your privacy rights. If you choose not to disclose certain personal information, this may limit our ability to perform certain activities, such as to continue with your application process.
INFORMATION FOR INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA (EEA), SWITZERLAND AND UK
The remaining sections of this statement apply to you if you use our Services while in the European Economic Area (EEA), Switzerland or UK.
Legal Basis for Processing
When we process your personal data we will only do so in the following situations:
- As necessary to perform our responsibilities under our contract with you (like providing the products or services you have requested)
- When we have a legitimate interest in processing your personal data, including to communicate with you about changes to our Services, to help secure and improve our Services (including to prevent fraud) and to analyze use of our Services and potential sales leads
- As necessary to comply with our legal obligations
- When we have your consent to do so
Data Subject Requests
Subject to certain limits and conditions provided under law, you have the rights described in the Your Choices and Rights section above. Additionally, you have the right:
- to object to certain processing (like receiving direct marketing), or to request that we restrict processing in certain circumstances (like to retain but not further process pending resolution of a claim).
- to file a complaint regarding our data protection practices with a supervisory authority. Please see this directory for contact details. If you are in Switzerland, please visit the FDPIC site for contact details. If you are in the UK, please visit the ICO site at https://ico.org.uk/make-a-comp..., for contact details.
If you would like to exercise any of these rights, you may contact us as indicated in the “Contact Us” section above.
Data Transfers and Retention
Sumo Logic processes and stores information in the U.S. and other countries, which may not provide equivalent levels of data protection as your home jurisdiction. For example, we transfer personal data to our corporate affiliates located in the United Kingdom, Poland, United States, Japan, India and Australia for the purposes described in this Privacy Statement. Transfers out of the European Economic Area (EEA), UK and Switzerland not deemed adequate by the European Commission are pursuant to Standard Contractual Clauses adopted by the European Commission.
References to “we” or “us” in the following paragraph refer only to Sumo Logic Inc. We adhere to applicable European legislation in connection with our transfer of personal data to the United States that relates to individuals in the European Economic Area (EEA), UK and Switzerland (“Covered Data”). We are committed to subjecting all personal data including Covered Data received from the EEA, UK and Switzerland to adequate protection mechanisms, as may be changed with changing law. If residing in the EEA, UK, or Switzerland, you may also contact us at: emea-privacy@sumologic.com or by mail to: Sumo Logic Italy, Via Mecenate 78/A, 20138 Milano, (MI) Italy.
The length of time we retain your personal information depends on the status of our relationship with you and the requirements of applicable law. To determine that period, we take into account a number of factors, including our legal and regulatory obligations (such as financial reporting obligations and equal opportunity or anti-discrimination reporting obligations) and whether we may need to retain personal information to resolve disputes, make and defend legal claims, conduct audits, pursue legitimate business purposes, and/or enforce our agreements. For example, if you apply for a position and are not selected for a role, we may keep your application information, including any relevant personal information, to allow us to consider you for other career opportunities with us and provided that, if required by applicable laws, we obtained your prior consent for such longer retention of your personal information.