Privacy Statement effective as of November 10, 2020
Proofpoint, Inc., whose registered address is at 925 W. Maude Ave, Sunnyvale, CA 94085, understands the importance of safeguarding your privacy and we take this responsibility very seriously. At Proofpoint, we care about the ethical use of data. Our people centric business is dedicated to keeping our customers and our employees safe by creating and utilizing the best possible cybersecurity and data privacy tools and practices. We believe you should understand how data you share with us is used and protected. Proofpoint prioritizes transparency regarding such data use, including what processing occurs when you access Proofpoint Sites and Proofpoint Services. Details can be found on the Proofpoint Trust Site.
The following privacy statement (“Privacy Statement”) is designed to inform you of the policies and procedures that will apply to the collection, security, use and disclosure of any of your personal data collected by Proofpoint Inc. (collectively, “Proofpoint”, “We”, “Us”, or “Our”) or any of its affiliated companies including Cloudmark, LLC, ObserveIT, Ltd., Proofpoint Canada, Inc., Proofpoint Limited (UK), Proofpoint Pty Ltd (Australia), Proofpoint Japan KK, Proofpoint GmbH (Germany), Proofpoint Singapore Ptd. Ltd., Proofpoint Int’l (Taiwan), and Wombat Security Technologies, Inc. (collectively “Proofpoint”, “we”, “us” and “our”) through www.cloudmark.com, www.observeit.com, www.proofpoint.com, www.proofpoint.com/uk, www.proofpoint.com/fr, www.proofpoint.com/de, www.proofpoint.com/es, www.proofpoint.com/it, www.proofpoint.com/jp, and www.proofpoint.com/au (the "Site") or in connection with our products and services (the “Proofpoint Services”). It also describes your choices regarding use, access and correction of your personal information. This Privacy Statement describes the treatment of information we collect from and about you when you visit our websites or use our services that contain a link to this Privacy Statement. By proceeding to use the Site and/or the Proofpoint Services you consent that we may process the personal data that we collect from you in accordance with this Privacy Statement.
Changes to this Privacy Statement
We may modify this Privacy Statement from time to time to reflect changes to our information practices, so check back frequently. Any changes to this Privacy Statement will be posted on this page, and where appropriate (for example, if there are material changes to this statement), we will notify you by email or by means of a notice on our home page prior to the changes taking effect.
In this statement, "using" and "processing" information includes using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including without limitation collecting, storing, evaluating, modifying, deleting, using, combining, and transferring information within our organization or among our affiliates within the United States or internationally.
Proofpoint is a multi-national organization with cross-border technical systems, intra-group relationships and business processes. If you are located outside the United States and provide personal data to us, Proofpoint may transfer your personal data to the United States and use it there in accordance with this Privacy Statement.
Regulators in the United States have indicated that they will continue to enforce the Privacy Shield Frameworks, and Proofpoint shall continue to participate in the Privacy Shield Frameworks. Proofpoint is monitoring the evolving circumstances surrounding the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework and any potential amendments or replacements. This Privacy Statement will be updated as more information becomes available. Proofpoint has always included the SCCs in its standard data processing agreement as its primary data transfer mechanism and we will continue to rely on the SCCs as a legal basis for transferring personal data to and processing such data in the US. Proofpoint’s data privacy agreement, including the SCCs, can be found on Proofpoint’s Trust Site https://www.proofpoint.com/us/legal/trust.
Proofpoint, Inc. and US subsidiary companies Cloudmark LLC; ObservIT, Inc.; and Wombat Security Technologies, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Proofpoint, Inc. is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list.
Proofpoint, Inc. is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Proofpoint, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Proofpoint, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Proofpoint, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Information We Collect and How We Use It
Our primary goals in collecting information are to provide and improve our products and services, to provide quality customer service, to contact companies whose representative has indicated an interest in receiving information about Proofpoint products and to enable users to effectively navigate the Site. We may collect the following personal data about you and process it in the following ways.
Contact Information You Give Us
You may give us your contact information in the following ways: (i) if you sign up for a free 45 day trial via www.proofpoint.com, (ii) sign up for offers on the Site, (iii) sign up for newsletters, (iv) download white papers from the Site, (v) respond to a promotion offered by a Proofpoint partner or (iv) send us an email. Such contact information includes first and last name, title, company name, industry type, mailing address, telephone number, fax number, email address and company size ("Contact Information"). We may also collect information about your mailbox size, which will allow us to classify your company by size and provide customized information about implementing Proofpoint Services within your organization. We may combine your Contact Information with information collected from others in order to improve the quality and value of the Proofpoint Services and to analyze and understand how our Site is used.
We will use your Contact Information to: (i) carry out our obligations arising from any contracts entered into between you and us; or (ii) provide you with the services, products or information, you have requested from us; (iii) notify you about changes to our services or products; or (iv) ensure that content from our Site is presented in the most effective manner for you and your device. We may also use your Contact Information to contact you with certain marketing or promotional materials, as well as other information that may be of interest to you. If you no longer consent to our use of your Contact Information to send you our newsletter or other communications please send us an email so stating to firstname.lastname@example.org or follow the unsubscribe instructions provided in any of the communications.
We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services contact us at email@example.com. Please note that we may still retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Personal Data You Post On Our Blog
If you use the blog on this Site, you should be aware that any personal data you submit there can be read, collected, or used by other users of these blogs, and could be used to send you unsolicited messages. We are not responsible for the personal data you choose to submit in these blogs. To request removal of your personal data from our blog, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal data, in which case we will let you know if we are unable to do so and why.
Customer Testimonials We Collect From You
We may post customer testimonials/comments/reviews on our Site which may contain personal data. We will not post a testimonial from you without obtaining your prior consent.
Log Data and Personal Network Information We Collect From You
When you visit the Site, we automatically collect technical and statistical data about your visit, such as your browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data, the pages you visit and any search terms you use ("Log Data"). We also collect your public IP address when you visit the Site. We may use your public IP address in order to determine whether certain requests are fraudulent or frivolous and we may automatically cross-reference your public IP address with your domain name (usually the domain name of your ISP or employer). Because you may be visiting the Site from your personal residence (for example, because you are telecommuting), your IP address and any associated domain name are treated as "Personal Network Information" instead of Contact Information. "Log Data" does not include Personal Network Information. Although such Personal Network Information may be used to administer and maintain the Site, it is not shared with any third parties, except as described below in the sections titled "Service Providers," "Compliance with Laws and Law Enforcement" and "Business Transfers." We will use Log Data for any purpose.
We may also use your Log Data and Personal Network Information to: (i) administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; (ii) improve our Site to ensure that content is presented in the most effective manner for you and for your device; (iii) allow you to participate in interactive features of our service, when you choose to do so; (iv) as part of our efforts to keep our Site safe and secure.
Legal basis for processing personal information (EEA visitors only)
If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
After stripping out any information that would personally identify you from within the set of Contact Information, Personal Network Information and Log Data we collect from you, we may combine that information with information we collect from other Proofpoint users and customers (collectively the "Aggregated Information") in order to improve the quality and value of Proofpoint Services and to analyze and understand how our Site is used.
Technologies such as cookies or similar technologies are used by Proofpoint and our partners, affiliates, or analytics or service providers. These are used in storing content information and preferences, analyzing trends, administering the site, tracking users’ movements around the site, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Behavioral Targeting / Re-Targeting
We partner with a third party to either display advertising on our Web site or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by going to https://optout.networkadvertising.org (or if located in the European Union please go here https://www.youronlinechoices.eu). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
Proofpoint’s Services are designed to protect and secure our customers from malicious attacks such as phishing, targeted impersonation, ransomware, keylogging and remote access trojans (RATs). Proofpoint’s Services employ a variety of techniques such as threat prevention, detection and analysis; fraud prevention; regulatory and compliance archiving; and cyber security awareness training in order to protect our customers and their data. Depending on the particular Proofpoint Service we may process the following types of personal data: user names, email addresses, IP addresses, phone numbers, message content of an SMS, MMS, or RCS message reported by you as spam, social media account login credentials, and user information such as department, job position and location.
Information Sharing and Disclosure
Where you have consented we may from time to time share your Contact Information (name, email address, phone number) with our authorized channel partners so that they can provide you with information on goods or services that may be of interest to you. You can, at any time, update your information and/or opt out of receiving such communications by making your choice known on the form on which we collected your data or by filling in your information and modifying "Opt out of sharing info with third parties." Before we share personal information, we enter into written agreements with recipients which contain data protection terms that safeguard your data.
We may share Aggregated Information (after stripping of any information that would personally identify you) and Log Data with third parties for industry analysis, demographic profiling, and other purposes.
We may from time to time use certain third party business partners, suppliers, and sub-contractors (including companies and individuals) to perform Site-related services (for example, without limitation, website hosting, maintenance services, database management, Web analytics, and improvement of the Site's features) (“Service Providers”). These Service Providers have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Principle 3 (Accountability for onward transfer) of the Privacy Shield requires Proofpoint to take certain steps when transferring personal data received from the European Union to third parties such as Service Providers (for example, by including mandatory contractual provisions within its contracts with those third parties). Please note that Proofpoint, Inc. remains liable under the Principles if an agent processing personal data received from the European Union on its behalf processes that personal data in a manner inconsistent with the Principles (unless Proofpoint can prove that it is not responsible for the event giving rise to the damage). If you further are routed or otherwise make any web-browsing selection that takes you to another party's website you will be subject to the terms of such third party privacy statement for any activities that you conduct while on that third-party service.
Compliance with Laws and Law Enforcement
Proofpoint cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose your personal data to government or law enforcement officials or private parties in response to lawful requests if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (such as to meet national security or law enforcement requirements), to enforce or apply our terms and conditions or respond to claims and legal process, to protect the property and rights of Proofpoint or a third party, to protect the safety of the public or any person, or to prevent or stop any illegal, unethical or legally actionable activity (including for the purposes of fraud protection and credit risk reduction).
If Proofpoint is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
Access To Your Information
You have rights to access your personal data under your local data privacy laws and the Privacy Shield and are able to correct, amend or delete that information under certain conditions. If you would like to exercise your right of access, if you would like to change your personal data, or if you no longer desire our service, you may access, correct, update or delete it by emailing our Customer Support at email@example.com. We will respond to your request to access without undue delay.
Upon request Proofpoint will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by contacting us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service. You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
Proofpoint acknowledges that you have the right to access your personal information. Proofpoint has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Proofpoint’s Client (the data controller). If requested to remove data we will respond within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Security & International Transfer
Proofpoint is very concerned with safeguarding your information. We employ generally accepted standards of administrative, physical, procedural, and technological measures designed to protect your information from unauthorized access, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at email@example.com.
However, please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, although Proofpoint complies with its legal obligations in respect of the security of your personal data we cannot guarantee its absolute security.
Links to Other Sites
Our Site contains links to other websites. If you click on a third-party link you will be directed to that third party's website. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personally identifiable information from you. This Privacy Statement addresses the use and disclosure of information that we collect from you through this Site. Other sites follow different rules regarding the use or disclosure of the personally identifiable information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit. The fact that we link to a website is not an endorsement, authorization, or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices.
Social Media Widgets
Our Web site includes Social Media Features, such as the Facebook Like button and Widgets, such as the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy statement of the company providing it.
Our Policy Toward Children
This Site is not directed to children under 18. If a parent or guardian becomes aware that his or her child has provided us with personal or contact information without their consent, he or she should contact us at firstname.lastname@example.org. If we become aware that a child under 13 has provided us with personally identifiable information, we will delete such information from our files immediately.
Proofpoint's Trust Site
Proofpoint is committed to the security and privacy of personal data. We maintain a Trust site at https://www.proofpoint.com/legal/trust where additional information about the security measures and procedures applicable to each Proofpoint Product may be found. Proofpoint Services customers will also find on the Trust site a GDPR data processing agreement (including the EU’s Standard Contractual Clauses) for review, download and execution.
If you have any enquires or complaints about how we use your personal data, please contact us at:
Attn: Data Privacy Officer
925 W. Maude Ave.
Sunnyvale, CA 94085
In the EU, the data controller of your personal information is Proofpoint Limited, which is registered with the Information Commissioner’s Office in the UK. You may also make an anonymous report by using the EthicsPoint hotline, which is hosted on EthicsPoint's secure servers and is not part of the Proofpoint, Inc. website or intranet.