Effective Date: 12/19/2024
Last Updated: 12/13/2024
This Privacy Statement describes the privacy practices of Sumo Logic, Inc. and its affiliates (“Sumo Logic”, “we” or “us”) and applies to the information we collect about you when you use our websites or online services (collectively, the “Services”), or when you otherwise communicate with us.
This Privacy Statement applies to the information we collect about potential workforce candidates, including information you provide to us when applying for a job via our careers site. It does not apply to the information we collect about our employees or independent contractors. It also does not apply to the information we process on behalf of our customers via our cloud analytics solutions (which is subject to our customer agreements), but it does apply to the information we collect about the individuals that use these solutions on behalf of our customers.
We may change this Privacy Statement from time to time. If we make changes, we will notify you by revising the date at the top of this statement and, in cases where there are material changes, we will provide you with additional notice (such as adding a statement within our Services or sending you a notification) prior to the changes becoming effective. We encourage you to review this Privacy Statement whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you.
Please note that our Services are designed for enterprise customers, and the personal information we collect under this Privacy Statement is typically collected in a commercial or employment context. As a result, many U.S. state privacy laws do not apply to personal information we process under this Privacy Statement.
Collection of Information
Use of Information
Disclosure of Information
Advertising and Analytics
Your Choices
Contact Us
Information for California residents
Information for Individuals in the European Economic Area (EEA), Switzerland and UK
Information for Other Jurisdictions
Information You Provide to Us
We collect information when you register for an account, fill out a form or a survey, attend an event or training, post on our blog or Community forum, make a purchase, request customer support, access content on our Services (like a whitepaper), apply for a job, or otherwise communicate with us. The information you may provide includes your name and contact information (including email, phone and address), company information (including name and job title), social media handles, account username and password, payment method information, and any other information you choose to provide us.
If you apply for a position to work with us, information you provide may also include: additional government-issued identifiers (e.g., Social Security number); eligibility to work information (e.g., citizenship, work authorization status and visa application information); demographic information (e.g., age, gender, marital status, ethnicity, sexual orientation, veteran status and disability status); professional information (e.g., resume, cover letter, information shared during an interview, results of an assessment, employment history, current salary); education information (e.g., schools attended, degree information and dates of graduation); health-related information (e.g., disability information or information related to symptoms of, or risk of exposure to, certain illnesses, including contact with others who may be sick or relevant travel history); and profile photo.
Automatically Collected Information
When you use our Services, we collect the following information about you:
Information We Generate
We generate some information about you based on other information we have collected. For example, like many platforms, we use your IP address to derive the approximate location of your device. We also take notes and observations about the business contacts of our customers to help evaluate sales opportunities and about job applicants as part of our hiring process. Please note that this data may contain the personal information of other individuals (such as Sumo Logic employees providing those notes).
Information We Collect from Other Sources
We also obtain information about you from third-party sources. For instance, we receive information about contacts of potential customers through other sites that distribute our content or webinars, from data analytics and marketing services and through refer-a-friend tools made available on our Services. This information may include name, contact information (including email and phone), job title, and company.
If you apply for a job with us, we may also receive information from your named references, persons who referred you for a position, background check providers (where applicable), recruiting agencies, third-party recruitment sources and websites, and publicly available sources (such as your LinkedIn profile).
Sensitive Personal Information
Some of the information we collect in connection with applications for employment includes sensitive personal information, as that term is defined by applicable data protection law. We collect sensitive personal information only for limited purposes permitted by law, such as to accommodate a disability or illness, comply with legal obligations, protect the health and safety of our employees, and facilitate internal programs relating to diversity, equity, inclusion, and anti-discrimination.
We use the information we collect to:
We disclose information about you as follows or as otherwise described in this Privacy Statement:
We may also disclose aggregated, anonymous or, where permitted by law, de-identified information that cannot reasonably be used to identify you. We will not attempt to re-identify such information, except as permitted by law.
We engage others to provide analytics services, serve advertisements, and perform related services on our behalf across other websites and online services. We and these companies use cookies, web beacons, and other technologies to collect information about your use of the Services and other websites and online services, including your IP address, device identifiers, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by Sumo Logic and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites, and better understand your online activity. Some of the activities described in this section may constitute “sharing” or “selling” personal information under certain laws. To learn more about the choices available to you with respect to these practices, see below.
For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info. If you are in a country in the European Economic Area (EEA), Switzerland or the United Kingdom (UK) please visit www.youronlinechoices.eu/.
Various browsers allow a “do not track” (DNT) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, there is no general agreement on how companies like Sumo Logic should interpret DNT signals. Therefore, Sumo Logic does not currently commit to respond to DNT signals, whether that signal is received on a computer or on a mobile device.
Account Information
You may update certain account information you provide via our Services (such as your name and email address) by logging into your account, but note that we retain certain information when required or permitted by law.
Promotional Communications
You may opt out of receiving promotional emails or text messages from Sumo Logic by following the instructions in those emails or text messages. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
If you have any questions about this Privacy Statement, please contact us at: privacy@sumologic.com, or by mail to:
Sumo Logic Inc.
c/o Legal Department
855 Main St., Suite 100
Redwood City, CA 94063.
If you are in the European Economic Area (EEA), Switzerland, or the UK, you may also contact us at:
iuro Rechtsanwälte GmbH
Schellinggasse 3/10, 1010 Vienna,
Austria
as representative in the EU according to Art 27 EU GDPR
Prighter CH GmbH
Obergrundstrasse 17, 6002 Luzern,
Switzerland
as representative in Switzerland according to Art 14 FADP
Sumologic Limited
Fourth Floor St James House, St James' Square
Cheltenham, England, GL50 3PR
United Kingdom
as representative in the UK according to Art 27 UK GDPR
This section provides additional disclosures required by the California Consumer Privacy Act (“CCPA”). If you reside in California, this section applies to you and describes our data practices today and in the preceding 12 months. This section serves as our California Notice at Collection.
Additional Disclosures
In the last 12 months, we collected the following categories of personal information: identifiers (such as name and contact information), professional or employment-related information and education history (such as for job applications or about potential and current customer contacts), internet or other electronic network activity information (such as browsing behavior), inferences (such as approximate location, product interests or interview notes and observations), characteristics of protected classifications under state or U.S. federal law (such as gender), audio or visual information (such as video recordings from interviews), sensitive personal information (such as government-issued ID numbers, or racial or ethnic origin) and transaction information (such as payment method information). For more details about the personal information we collect, including the categories of sources, please see the “Collection of Information” section above. We collect this information for the business and commercial purposes described in the “Use of Information” section above. We do not use or disclose your sensitive personal information for purposes other than those expressly permitted by California law.
In the last 12 months, we have disclosed information for the business and commercial purposes described in the “Disclosure of Information” section above. Below is a summary of those practices:
CATEGORIES OF PERSONAL INFORMATION |
CATEGORIES OF RECIPIENTS WITH WHOM WE MAY DISCLOSE INFORMATION |
|
|
Financial Incentives
We offer various financial incentives. These may benefit business contacts who sign up to receive our marketing emails or submit helpful information to Sumo Logic, or respond by providing personal information in the course of a Sumo Logic giveaway or other special happenings. For example, we may provide branded Sumo Logic gear to survey participants, gift boxes for customers attending events, free add-ons to our Services for joining a promotion, or a limited discount for new customers. When you participate in a financial incentive, we collect personal information from you, such as identifiers like your name and email address. You can opt into a financial incentive by following the sign-up instructions for that financial incentive, and for any ongoing benefits you have the ability to opt-out of the incentive at any time such as by following the unsubscribe instructions in our promotional emails. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up. The value of your personal information is reasonably related to the value of what is presented to you.
Your Privacy Rights
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories and specific pieces of personal information, to delete their personal information, to correct information held about you which is inaccurate or incomplete, to opt out of certain uses of sensitive personal information (should that become applicable to our processing), and to not be discriminated against for exercising these rights. To request access, correction, or deletion of your personal information, submit your request to delete-my-data@sumologic.com.
We will verify your request by asking you to provide information that matches information we have on file about you. You can also designate an authorized agent to exercise these rights on their behalf. Authorized agents should submit requests through the same channels, but we will require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly.
If we deny your request, you may appeal our decision by contacting us at privacy@sumologic.com. If you have any concerns about the result of an appeal, you may contact the California Attorney general
Opting Out of Sales and Sharing
As described in the “Advertising and Analytics” section above, we work with third parties (including advertising partners and social media platforms) to serve you personalized ads on other websites and services based on the personal information they receive through our Services. Some of these activities may be considered “sales” or “sharing” of your personal information. We “sell” or “share” the following categories of personal information with the following categories of recipients:
CATEGORIES OF PERSONAL INFORMATION |
CATEGORIES OF THIRD PARTIES |
|
|
We do not knowingly sell or share personal information about consumers we know to be under the age of 16.
California consumers can opt out of “sales” and “sharing” by clicking here. You can also opt out by visiting our Services with a legally-recognized universal choice signal enabled (such as the Global Privacy Control). Please note that, depending on which legally-recognized opt-out preference signal you use and whether you are logged into your account with us, our processing of the signal may be limited to the specific browser or device that you are using. You may need to renew your opt-out choice if you use a different browser or device to access our Services, or if you clear your cookies.
The length of time we retain your personal information depends on the status of our relationship with you and the requirements of applicable law. To determine that period, we take into account a number of factors, including our legal and regulatory obligations (such as financial reporting obligations and equal opportunity or anti-discrimination reporting obligations) and whether we may need to retain personal information to resolve disputes, make and defend legal claims, conduct audits, pursue legitimate business purposes, and/or enforce our agreements. For example, if you apply for a position and are not selected for a role, we may keep your application information, including any relevant personal information, to allow us to consider you for other career opportunities with us and provided that, if required by applicable laws, we obtained your prior consent for such longer retention of your personal information.
If you choose not to disclose certain personal information, this may limit our ability to perform certain activities, such as to continue with your application process.
This section applies to you if you use our Services while in the European Economic Area (EEA), Switzerland or UK.
Legal Basis for Processing
When we process your personal data we will only do so in the following situations:
Data Subject Requests
Subject to certain limits and conditions provided under law, you have the following rights:
If you have a concern about our processing of personal data, we encourage you to contact us in the first instance. However, if we are unable to resolve it, you have the right to file a complaint with a supervisory authority. Please see this directory for contact details. If you are in Switzerland, please visit the FDPIC site for contact details. If you are in the UK, please visit the ICO site at https://ico.org.uk/make-a-comp..., for contact details.
If you would like to exercise any of these rights, you may contact us as indicated in the “Contact Us” section above.
Data Transfers and Retention
Sumo Logic processes and stores information in the U.S. and other countries, which may not provide equivalent levels of data protection as your home jurisdiction. For example, we transfer personal data to our corporate affiliates located in the United Kingdom, Poland, United States, Japan, India and Australia for the purposes described in this Privacy Statement. Transfers out of the European Economic Area (EEA), UK and Switzerland not deemed adequate by the European Commission are pursuant to Standard Contractual Clauses adopted by the European Commission.
References to “we” or “us” in the following paragraph refer only to Sumo Logic Inc. We adhere to applicable European legislation in connection with our transfer of personal data to the United States that relates to individuals in the European Economic Area (EEA), UK and Switzerland (“Covered Data”). We are committed to subjecting all personal data including Covered Data received from the EEA, UK and Switzerland to adequate protection mechanisms, as may be changed with changing law. If residing in the EEA, UK, or Switzerland, you may also contact us at:
iuro Rechtsanwälte GmbH
Schellinggasse 3/10, 1010 Vienna,
Austria
as representative in the EU according to Art 27 EU GDPR
Prighter CH GmbH
Obergrundstrasse 17, 6002 Luzern,
Switzerland
as representative in Switzerland according to Art 14 FADP
Sumologic Limited
Fourth Floor St James House, St James' Square
Cheltenham, England, GL50 3PR
United Kingdom
as representative in the UK according to Art 27 UK GDPR
The length of time we retain your personal information depends on the status of our relationship with you and the requirements of applicable law. To determine that period, we take into account a number of factors, including our legal and regulatory obligations (such as financial reporting obligations and equal opportunity or anti-discrimination reporting obligations) and whether we may need to retain personal information to resolve disputes, make and defend legal claims, conduct audits, pursue legitimate business purposes, and/or enforce our agreements. For example, if you apply for a position and are not selected for a role, we may keep your application information, including any relevant personal information, to allow us to consider you for other career opportunities with us and provided that, if required by applicable laws, we obtained your prior consent for such longer retention of your personal information.
Depending on your jurisdiction and subject to certain limitations, you have the following rights with respect to the personal information we process about you:
If you would like to exercise any of these rights, you may submit your request by writing us at delete-my-data@sumologic.com We may verify your request by asking you to provide certain information that matches information we have on file about you.
