overlay-image

Proofpoint Privacy Policy

Privacy Statement effective as of August 2, 2022

TRUSTe

Proofpoint understands the importance of safeguarding your privacy and we take this responsibility very seriously. This Privacy Statement is designed to help you understand how we process personal information, and how you can access and control this data.

Proofpoint, Inc., headquartered at 925 W. Maude Ave, Sunnyvale, CA 94085, (https://www.proofpoint.com/us/leadership-team) is responsible for the management of the personal data within its organisation. Proofpoint offers a range of products and services to customers throughout the world and includes those offered by any of its affiliated companies (collectively "Proofpoint") through its appliable websites (the "Site") or in connection with our products and/or services (the "Proofpoint Service").

Proofpoint is a cybersecurity company specialising in helping organisations protect against advanced cybersecurity threats and compliance risks. The Proofpoint Service resides between the email service provider and customer, acting as a filter to stop harmful content from reaching its customers. Proofpoint is not an email service provider, meaning that we do not provide customers with the ability to send or receive emails. We are also not a domain host and do not manage domain names.

Access to the Proofpoint Service is provided to you through an organisation with which you are affiliated, such as an employer or school. That organisation controls your use of the Proofpoint Service and the data that is transferred to Proofpoint for processing. You may also provide personal information to Proofpoint through use of the Site, blogs, marketing requests, and use of the Proofpoint Service.

By proceeding to use the Site and/or the Proofpoint Service, you consent that we may process the personal data that we collect from you in accordance with this Privacy Statement.

Information We Collect and How We Use It

Proofpoint uses the data we collect through manual and automated methods to protect you and your organisation against advanced email threats. This includes:

  • Providing our products, services, and customer support,
  • Improving and enhancing our products and services, including our threat-detection capabilities,
  • Continuing to develop threat intelligence to safeguard your organisation’s important information,
  • Advertising and marketing to you and/or representatives at your organisation, and
  • Delivering the superior privacy and cybersecurity protection that you expect of Proofpoint.

 

Contact Information You Give Us

You may directly give us your contact information in the following ways: (i) if you sign up for a free trial via www.proofpoint.com, (ii) sign up for offers on the Site, (iii) sign up for newsletters, (iv) download white papers from the Site, (v) respond to a promotion offered by a Proofpoint partner, or (vi) send us an email. Such contact information includes first and last name, title, company name, industry type, mailing address, telephone number, fax number, email address and company size ("Contact Information"). We may also collect information about your mailbox size, which will allow us to classify your company by size and provide customised information about implementing the Proofpoint Service within your organisation. We may combine your Contact Information with information collected from others to improve the quality and value of the Proofpoint Service and to analyse and understand how our Site is used.

We will use the Contact Information provided to us directly by you to: (i) carry out our obligations arising from any contracts between you and Proofpoint; (ii) provide you with the services, products, and/or information which you have requested from us; (iii) notify you about changes to our services or products; and (iv) ensure that content from our Site is presented in the most effective manner for you and your device. We may also use your Contact Information to contact you with certain marketing or promotional materials, as well as other information that may be of interest to you. If you no longer consent to our use of your Contact Information to send you our newsletter or other communications, please send us an email stating so to privacy@proofpoint.com or follow the unsubscribe instructions provided in any of the communications.

We will retain your information for as long as your account is active or as needed to provide you the Proofpoint Service. If you wish to cancel your account or request that we no longer use your information to provide you the Proofpoint Service, please contact us at privacy@proofpoint.com. Please note that we may still retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Personal Data You Post On Our Blog

If you use the blog on this Site, you should be aware that any personal data you submit there can be read, collected, or used by other users of these blogs, and could be used to send you unsolicited messages. We are not responsible for the personal data you choose to submit in these blogs. To request removal of your personal data from our blog, contact us at privacy@proofpoint.com. In some cases, we may not be able to remove your personal data, in which case we will inform you if we are unable to do so and why.

Customer Testimonials We Collect From You

We may post customer testimonials/comments/reviews on our Site which may contain personal data. We will not post a testimonial from you without obtaining your prior consent.

Log Data and Personal Network Information We Collect From You

When you visit the Site, we automatically collect technical and statistical data about your visit, such as your browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data, the pages you visit and any search terms you use ("Log Data"). We also collect your public IP address when you visit the Site. We may use your public IP address in order to determine whether certain requests are fraudulent or frivolous and we may automatically cross-reference your public IP address with your domain name (usually the domain name of your ISP or employer). Because you may be visiting the Site from your personal residence (for example, because you are telecommuting), your IP address and any associated domain name are treated as "Personal Network Information" instead of Contact Information. "Log Data" does not include Personal Network Information. Although such Personal Network Information may be used to administer and maintain the Site, it is not shared with any third parties, except as described below in the sections titled "Service Providers," "Compliance with Laws and Law Enforcement" and "Business Transfers." We will use Log Data for any purpose.

We may also use your Log Data and Personal Network Information to: (i) administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes; (ii) improve our Site to ensure that content is presented in the most effective manner for you and for your device; (iii) allow you to participate in interactive features of our service, when you choose to do so; and/or (iv) as part of our efforts to keep our Site safe and secure.

Legal basis for processing personal information (EEA visitors only)

If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will generally collect personal information from you only where we have your consent to do so, where we need the personal information to fulfil contractual obligations for you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.

Aggregated Information

After removing any information that would personally identify you from within the set of Contact Information, Personal Network Information, and Log Data we collect from you, we may combine that information with information we collect from other Proofpoint users and customers (collectively, the "Aggregated Information") to improve the quality and value of Proofpoint Services and to analyse and understand how our Site is used.

Cookies/Tracking Technologies

Proofpoint and our partners, affiliates, analytics, or service providers use cookies and other similar technologies.

We use cookies and similar technologies for storing your preferences and settings, enabling user sign in, to pre-fill a contact form should a user engage with Proofpoint marketing collateral, analysing trends, authentication, administering the site, analysing how our products perform, and fulfilling other legitimate purposes. We may receive reports based on the use of these technologies by our analytics or service providers on an anonymous individual as well as aggregated basis. Proofpoint does not use cookies or other similar technologies for targeted advertising.

Users can limit and control the data collected by cookies or other similar technologies at the individual browser level. If you reject cookies, you may still use our Site, but your ability to use some features or areas of our Site may be limited.

Behavioural Targeting / Re-Targeting

We partner with a third party to either display advertising on our Site or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this Site and other sites to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by going to https://optout.networkadvertising.org (or if located in the European Union please go here https://www.youronlinechoices.eu). Please note this does not opt you out of being served ads. You will continue to receive generic ads.

The Proofpoint Service

The Proofpoint Service is designed to protect and secure our customers from malicious attacks such as phishing, targeted impersonation, ransomware, keylogging, and remote access trojans (RATs). The Proofpoint Service employs a variety of techniques such as threat prevention, detection and analysis, fraud prevention, regulatory and compliance archiving, and cyber security awareness training to protect our customers and their data. Depending on the Proofpoint Service, we may process the following types of personal data: user-names, email addresses, IP addresses, phone numbers, message content of an SMS, MMS, or RCS message reported by you as spam, social media account login credentials, and user information such as department, job position and location.

Information Sharing and Disclosure

Proofpoint may share your personal data with your consent, or to provide the products and services requested by your organisation. We may also share information as required by law, to maintain the security of our products and services, and to protect the rights and property of Proofpoint and/or its customers. If you have questions or concerns regarding the information shared as set forth in this Privacy Statement, please contact our Customer Support at privacy@proofpoint.com.

Marketing Purposes

Where you have consented, we may from time to time share your Contact Information (name, email address, phone number) with our authorised channel partners so that they can provide you with information on goods or services that may be of interest to you. You can, at any time, update your information and/or opt out of receiving such communications by making your choice known on the form on which we collected your data or by filling in your information and modifying "your communication opt out preferences." Before we share personal information, we enter into written agreements with recipients which contain data protection terms that safeguard your data.

Analytics Purposes

We may share Aggregated Information (after removing of information that would personally identify you) and Log Data with third parties for industry analysis, demographic profiling, and other purposes.

Service Providers

With your consent, or the consent of the organisation through which you are accessing the Proofpoint Service, we may from time to time use certain third-party business partners, suppliers, and sub-contractors (including companies and individuals) to perform services, complete transactions, or provide the Proofpoint Service requested by your affiliated organisation. This may include, but not be limited to, website hosting, maintenance services, database management, Web analytics, and improvement of the Site's features (“Service Providers”). These Service Providers have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Proofpoint, Inc. remains liable under applicable law for the processing of your data. If you further are routed or otherwise make any web-browsing selection that takes you to another party's website, you will be subject to the terms of such third-party privacy statement for any activities that you conduct while on that third-party service.

Compliance with Laws and Law Enforcement

Proofpoint cooperates with government and law enforcement officials and private parties to enforce and comply with applicable law. We may disclose your personal data to government or law enforcement officials or private parties in response to lawful requests if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (such as to meet national security or law enforcement requirements) to enforce or apply our terms and conditions or respond to claims and legal process, to protect the property and rights of Proofpoint or a third party, to protect the safety of the public or any person, or to prevent or stop any illegal, unethical or legally actionable activity (including for the purposes of fraud protection and credit risk reduction). For further information, please refer to the Information Disclosure Statement maintained on our Trust site.

Business Transfers

If Proofpoint is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

Access and Control of Your Information

Proofpoint is committed to maintaining the privacy and security of personal data entrusted to us. You can control the type of information your share directly with Proofpoint and can request that we stop using or sharing that data by contacting our Customer Support at privacy@proofpoint.com us at the links provided in this Privacy Statement.

You have rights to access your personal data under applicable data privacy laws and may correct, amend, or delete the information under certain conditions. Upon request, Proofpoint will provide you with information about whether we hold any of your personal information. If you would like to exercise your right to access, correct, update, or delete your information, please contact our Customer Support at privacy@proofpoint.com. We will respond to your request to access within a reasonable timeframe.

In some cases, your ability to access or control the personal data may be limited by applicable law, contract, or the product you are using. If you seek to access and control the personal data provided to us by your organisation, you may contact us at the links provided in this document or our Trust site, or your affiliated organisation (the data controller). Please note that Proofpoint has no direct relationship with the individuals whose personal data it processes at the direction of the affiliated organisation and reserves the right to contact your organisation regarding any requests you may submit to Proofpoint to access, control, or delete the data.

Data retention

Proofpoint retains the personal information it collects from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Security & International Transfer

Proofpoint is a multi-national corporation with cross-border technical systems, intra-group relationships and business processes. If you are located outside of the United States and provide personal data to us, Proofpoint may transfer your personal data to the United States and use it there in accordance with this Privacy Statement.

Proofpoint employs generally accepted standards of administrative, physical, procedural, and technological measures designed to protect your information from unauthorised access, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at privacy@proofpoint.com.

However, please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, although Proofpoint complies with its legal obligations in respect of the security of your personal data we cannot guarantee its absolute security.

Privacy Shield

Proofpoint complies with the principles set forth in the EU-US and Swiss-US Privacy Shield, which may be found at https://www.privacyshield.gov/list, but does not rely on the EU-US Privacy Shield Framework as the legal basis for transfers of personal data.  Proofpoint has always included the Standard Contractual Clauses (SCCs) in its standard data processing agreement as its primary data transfer mechanism and we will continue to rely on the SCCs as a legal basis for transferring personal data to and processing such data in the US. Proofpoint’s data privacy agreement, including the SCCs, can be found on Proofpoint’s Trust Site.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Proofpoint, Inc. may be subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Proofpoint, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Links to Other Sites

Our Site contains links to other websites. If you click on a third-party link you will be directed to that third party's website. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personally identifiable information from you. This Privacy Statement addresses the use and disclosure of information that we collect from you through this Site. Other sites follow different rules regarding the use or disclosure of the personally identifiable information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit. The fact that we link to a website is not an endorsement, authorisation, or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practises.

Social Media Widgets

Our Web site includes Social Media Features, such as the Facebook Like button and Widgets, such as the Share this button or interactive mini-programmes that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy statement of the company providing it.

Our Policy Toward Children

This Site is not directed to children under 18. If a parent or guardian becomes aware that his or her child has provided us with personal or contact information without their consent, he or she should contact us at privacy@proofpoint.com. If we become aware that a child under 13 has provided us with personally identifiable information, we will delete such information from our files immediately.

Proofpoint's Trust Site

Proofpoint is committed to the security and privacy of personal data. We maintain a Trust site at https://www.proofpoint.com/legal/trust where additional information about the security measures and procedures applicable to each Proofpoint  Service may be found. Proofpoint’s customers will also find on the Trust site a GDPR data processing agreement (including the EU’s Standard Contractual Clauses) for review, download and execution.

Contacting Us

If you have any enquires or complaints about how we use your personal data, please contact us at:

Proofpoint, Inc.
Attn: Data Privacy Officer
925 W. Maude Ave.
Sunnyvale, CA 94085

Email: privacy@proofpoint.com

In the EU, the data controller of your personal information is Proofpoint Limited, which is registered with the Information Commissioner’s Office in the UK. You may also make an anonymous report by using the EthicsPoint hotline, which is hosted on EthicsPoint's secure servers and is not part of the Proofpoint, Inc. website or intranet.

Changes to this Privacy Statement

We may modify this Privacy Statement from time to time to reflect changes to our information practises, so please check back frequently. Any changes to this Privacy Statement will be posted on this page, and, where appropriate (for example, if there are material changes to this statement), we will notify you by email or by means of a notice on our home page.

In this statement, "using" and "processing" information includes using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including without limitation collecting, storing, evaluating, modifying, deleting, using, combining, and transferring information within our organisation or among our affiliates within the United States or internationally.

© 2022. All rights reserved. The content on this site is intended for informational purposes only.
Last updated September 27, 2022.