Last updated May 25, 2018
ForgeRock is committed to protecting your privacy and your rights to control your personal data. Our principles are simple; we believe in building trust through transparency; and our guiding principle is “no information about you without you.” This Privacy Statement (“Statement”) explains what personal information we may collect from you when you use our products or services, visit our website, or attend our events; how you can control that information; and how we may use it.
1. WHAT PERSONAL INFORMATION WE COLLECT
This section describes the personal information we collect when you use our products or services, visit our website, or attend our events, and explains why we collect it.
We define “Personal Information” broadly, as any information that relates to a specific person, including identifying information such as a name, an identification number, location data, or an online identifier, as well as any information specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
We use following categories to describe the type of Personal Information we collect, depending on the products and services you use, how you use them, and how you interact with our website:
- “Billing Information” – means card holder name, credit card number, date of expiry, card verification code (CVC) or security code
- “Contact Information” – means email, first name, last name, company / organisation, telephone number, address, country
- “Company Information” – means company or organisation and related firmographic information, including size, industry, region, and country
- “Delivery Information” – means the specific information we collect to enable downloading of software if any or the delivery of services and training.
a) When you register for ForgeRock products and services:
We collect: Contact Information
- To communicate with you and provide you with requested services
- To share news with you about our events and products
- To give you a more personalized experience on our sites
We may also collect: Company Information
Why: to improve our services, website, and user experience; for marketing or industry reporting purposes; or for legal and regulatory compliance purposes
Please note that we do not sell, distribute or lease your Personal Information to third parties unless we have your explicit permission or are required by law to do so. If you have previously given your consent to us using your Personal Information for direct marketing purposes, you may withdraw your consent at any time by writing to us or emailing us at [email protected]
b) When you order ForgeRock products and services:
We collect: Contact Information, Delivery Information, and Billing Information
Why: We use this information to complete your transaction, follow up with you about your purchase, help with any delivery issues, handle returns and other issues related to the purchase of your ForgeRock products or services.
Please note that we do not store any Billing Information on our servers. We only use your Billing Information in connection with the purchase of our products and services, when we transmit it directly from you to the credit card processing company.
c) When you subscribe to our E-mails or similar services:
We collect: Contact Information
Why: We use this information in the same manner as we use Contact Information in the registration and ordering process described above.
You may wish to unsubscribe from our e-mail communications anytime by clicking the “unsubscribe” link at the end of our e-mail. This will take effect within 48 hours.
d) When you attend one of our events that is sponsored or hosted by one of our external partners or third party hosted events:
Some of our events are sponsored or hosted by our external partners or hosted by third parties. If you register to attend such an event, we may share the Contact Information you provided in connection with registration with our event partner or the third party may share it with us for purposes of verifying registration and ensuring only registered guests are allowed access.
Although the event registration page has the same look and feel as www.forgerock.com you may actually be submitting registration information to a third-party service provider that then returns the information to our website in order to fulfil your registration request.
Please note that we will only share your Contact Information directly with our event partner if you registered for the event. If you do not wish to have your information included in an attendee list or do not wish to receive information from our event partners, you can so advise us when you register for our events or you may contact us directly at [email protected].
e) When you attend one of our live events, web conferences, or seminars:
If you register for one of our events and you have a ForgeRock account, we will access the Personal Information in your ForgeRock account in order to provide you with information and services associated with the event. If you do not have a ForgeRock account, we will collect your Contact information upon registration, which we will use to provide you with information and services associated with the event.
If you attend one of our events, we may collect Contact Information and Company Information from the organisation that you represent.
f) When you train through ForgeRock University:
If you are training through ForgeRock University, we collect your Contact Information. You may enroll for a course directly through our university service ([email protected]) or you may enroll through one of our training partners. We occasionally use independent contractors to conduct the training and rely on third-party partners to provide the training venue. When you register for University offerings through one of our third-party training partners, you will be notified that you are leaving our website, whereupon your activities will be subject to that third party’s privacy policies and this Statement will no longer apply. While we endeavour to work with partners who share our commitment to protecting your privacy, we encourage you to confirm that you are comfortable with that party’s policies before sharing any Personal Information on their website.
g) When you pursue certification through ForgeRock University:
When you register for one of our certification exams, we collect your Contact Information, which we share with our third-party, computer-based-exam service provider. That service provider will, in turn, share with us the Contact Information you furnish to them to verify your identity for the exam. We will also collect your exam results in order to update and maintain our certification records.
Only authorized ForgeRock employees have access to our certification records and individual exam results.
h) When you correspond with us:
When you correspond with us by email, a postal service, or other form of communication, we may retain such correspondence and the information contained in it and use it to respond to your inquiry; to notify you of ForgeRock’s other services; or, as applicable, for record-keeping purposes.
If you want us to delete your Personal Information contained in such correspondence or otherwise want us to refrain from communicating with you, please contact us at [email protected].
Please note that if you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on our “master do not send list” for the exclusive purpose of complying with your no-contact request.
i) When you visit a ForgeRock office
When you visit a ForgeRock office, we may take static or moving imagery of you via CCTV.
2. HOW WE USE YOUR PERSONAL INFORMATION, AND THE LEGAL BASES FOR THESE USES
When we collect your Personal Information our goal is to improve your experience with us. We use your Personal Information to provide you with the products or services (including membership services, events, publications, certification and training) you have inquired about, requested or purchased from us. We also use your Personal Information to refine our products and services, tailoring them to your needs, and to communicate with you more effectively and meaningfully about any new services that may assist you going forwards.
In particular, we collect your Personal Information for the following purposes:
a) To fulfill a contract, or take steps linked to a contract: this is relevant where you register to use a ForgeRock product or website (whether paid, or as a free trial). This includes:
- Providing you with the ForgeRock products or services for which you have registered and any other products and services you have requested;
- Verifying your identity;
- Taking payments;
- Sending you necessary communications (for example, related to payments); and
- Providing customer service or support.
b) As required by ForgeRock to conduct our business and pursue our legitimate interests, in particular:
- Providing you with the ForgeRock products and services for which you have registered and any other products and services you have requested;
- Analyzing your use and measuring the effectiveness of our websites and electronic communications to better understand how they are being used so we can improve them and offer a better customer experience;
- Sending you information about ForgeRock products and services, special offers, and similar information, and sharing your information with our third-party marketing service providers for our own marketing purposes (where your consent is not required);
- Maintaining our websites and the applications they host, including keeping them secure and performing optimally;
- Conducting surveys and market research about our customers, their interests, the effectiveness of our marketing campaigns, and customer satisfaction (unless we need consent to undertake such surveys, in which case we will only do this with your permission);
- Investigating and responding to any comments or complaints you may sent us;
- Checking the validity of the Billing Information you submit if you use a credit or debit card for payment, in order to prevent fraud; and
- In connection with legal claims, compliance, regulatory, and investigative purposes as necessary (including disclosure of information in connection with legal process or litigation).
c) Where you give ForgeRock your consent or otherwise consistent with your choices:
- Sending you information about ForgeRock products and services, special offers, events, and similar information, and sharing your information with our third-party marketing service providers for our own marketing purposes (where your consent is required); and
- Placing cookies and using similar technologies on our websites and in email communications, in accordance with our Cookies Policy and the information provided to you when you use those technologies.
On other occasions where we ask you for consent, we will use the information for the purposes which we explain at the that time.
d) For legal reasons:
- To respond to requests by government or law enforcement authorities conducting an investigation
- To detect, prevent, or otherwise address fraud, security, or technical issues, and software piracy (e.g., to confirm that software is genuine)
- To provide evidence or to prevent a crime being committed where the information collected is via CCTV.
- To ensure the health and safety of visitors to ForgeRock sites and offices.
3. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION AND HOW TO EXERCISE THEM
Under the law of some countries, you may have the right to ask us for a copy of your Personal Information; to correct, delete or restrict (stop any active) processing of your Personal Information; and to obtain the Personal Information you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this information to another controller.
In addition, you can object to the processing of your Personal Information in some circumstances (in particular, where we don’t have to process the information to meet a contractual or other legal requirement, or where we are using the information for direct marketing). These rights may be limited, for example, if fulfilling your request would reveal Personal Information about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping (such as fraud prevention purposes).
To exercise any of these rights, you can get in touch with us using the details set out at the end of this Policy. Additionally, our websites allow you to edit your Personal Information and your communication preferences by accessing your ForgeRock preference center using the following link: https://go.forgerock.com/Preference-Center_Submit-Your-Email.html
If you have unresolved concerns, you have the right to report them to an EU or other data protection authority where you live, work or where you believe a potential violation may have occurred.
To register with ForgeRock, to create an account with us, and to use some ForgeRock websites, products or services, the provision of some information is mandatory: if relevant information is not provided, then we will not be able to administer a ForgeRock account to you, or provide you with the websites, products or services requested. All other provision of your information is optional. Providing optional information will help us offer you a better experience, such as more personalized or tailored content or offerings.
Withdrawing Consent or Otherwise Objecting to Direct Marketing
ForgeRock and the third-party marketing services providers we hire to help us market our products and services on our behalf may use your Personal Information to provide you with information and offers related to ForgeRock. Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your information for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time by: updating your preferences by accessing your ForgeRock Preference Center or contacting us using the details provided at the end of this policy.
4. HOW FORGEROCK COLLECTS YOUR PERSONAL INFORMATION
In addition to any Personal Information we collect directly from you with your consent, we may collect Personal Information through the websites we own and operate using the following methods:
Automatic Data Collection
- The domain name and geographic location of visitors to our Web site; and
- Any Personal Information volunteered by visitors to the site, such as survey information and/or site registrations.
We also compile Personal Information on the pages accessed at our website by visitors. The information collected is used:
- To improve the content of our website;
- To customize the content and/or layout of our site for registered visitors;
- To notify registered visitors about updates and special offers; and
- To promote sales and advise prospective customers of special offers or services.
Your IP Address and other similar information
Our website cookies may collect certain anonymous information about your visit, such as the name of the Internet service provider and the Internet Protocol (IP) address through which you access the Internet; the date and time you access the website; the pages that you access while at the website and the Internet address of the Web site from which you linked directly to our site. This information is used to help improve the website, analyse trends, administer the website and provide optimised advertising to you.
Cookies and ad technology such as web beacons, pixels, and anonymous ad network tags help us serve relevant ads to you more effectively. A cookie is a small text file that a website saves on your computer or mobile device when you visit that site. It enables the website to remember your actions and preferences (such as login, language, font-size and other display preferences) over a period of time, so you do not have to keep re-entering them whenever you return to the site. Pixels help us understand and improve the delivery of ads to you
- Strictly Necessary Cookies: Some of our cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you, which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any of your Personal Information and are only used to deliver essential functionality to the website.
- Performance Cookies: These cookies allow us to count website visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and to understand how visitors navigate the website. All the information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website, and will not be able to monitor its performance or give you the best user experience as a result.
- Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. For example, third party cookies may include cookies from Greenhouse, used by ForgeRock for recruitment purposes, Google, used for analytics, Vimeo used for video content and streaming management, and Twitter and Instagram for messaging / announcements.
- Targeting Cookies: These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. They do not store directly any Personal Information, but function uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. For example, advertising partners include LinkedIn and Facebook as well as many other advertisers of ForgeRock products.
- Social Media Cookies: These cookies are set by a range of social media services that we have added to the website. These enable you to share our content with your friends and networks. The cookies are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit as they allow for advertisers to target their products to your interests. If you do not allow these cookies you may not be able to use or see these sharing tools and adverts are less likely to be tailored to your interests
Opting Out of Cookie Use:
If you do not wish to receive cookies or if you wish to change the way you receive them, you can adjust your browser’s cookie settings accordingly.
You can delete all of our cookies that have already been placed on your computer or you can set your system to prevent them from being placed before you visit our website. If you do this, however please remember that you may have to manually adjust some of your preferences every time you visit the ForgeRock website as some of our services and functionalities may not work properly.
Please note that if you have disabled one or more of our cookies, we may still use the information collected from the cookies prior to them being disabled as a part of your preferences. After you disable the cookies, they will not collect any new data going forwards.
ForgeRock Website Analytics and Performance
Required Site Features – vendors that may collect Personal Data on our behalf.
Functional Site Features – vendors that may collect anonymous data on our behalf:
We may receive updated Personal Information, including Contact Information from third parties and partners, which we may use to correct our records. Other purposes for which we may receive Personal Information are to update internet search results and links to our advertising or to further sales including procurement of paid listings (such as sponsored links). When we receive Personal Information from third parties, we verify that the third party has procured it legally and in accordance with our privacy principles.
5. WHERE FORGEROCK STORES YOUR PERSONAL INFORMATION
ForgeRock stores all Personal Information in our secure databases (hosted by cloud service providers) located in the regions where we operate around the world. Personal Information is accessible by authorised ForgeRock personnel only, and we have organisational and technical measures in place to protect your data.
6. HOW LONG DOES FORGEROCK RETAIN YOUR PERSONAL INFORMATION
Normally, ForgeRock retains your Personal Information for the duration of your relationship with ForgeRock (for as long as your account is active or as needed to provide you with your services).
Where Personal Information is subject to legal or regulatory data retention requirements, ForgeRock will retain such information in accordance with the applicable retention period.
Generally, we will only retain and use your Personal Information as necessary to comply with our legal obligations, to resolve disputes, and enforce our agreements.
CCTV information is kept for a period of thirty days and after this time it is deleted. Imagery required for investigative purposes will be kept longer and only for the purposes or evidential purposes may be retained beyond thirty days and is securely disposed of upon completion/conclusion of the purpose for which it has been retained.
Imagery is retained in a secure environment and is only accessible by authorized personnel who have a legitimate reason to do so.
Where ForgeRock does not have an obligation to retain your Personal Information, you have the right to request the deletion of your Personal Information from ForgeRock systems. For more information on your rights of erasure or portability of your data, please see the sections below. If you wish to cancel your account or request that we no longer use your Personal Information to provide you services, please contact us at [email protected].
7. HOW FORGEROCK SECURES YOUR PERSONAL INFORMATION
ForgeRock uses a variety of organizational, technical and physical security safeguards in place to protect Personal Information from unauthorized access, use, or disclosure.
ForgeRock classifies your Personal Information according to its sensitivity to ensure that it is managed appropriately and that it is not disclosed to un-authorised parties. Access to all Personal Information (not just the sensitive information) is restricted. Only ForgeRock employees who need the information to perform a specific job function or are granted access to personally identifiable information as a part of their role (for example; accounts payable or a customer service representative).
We store Personal Information on servers in controlled facilities with no unauthorised access and only limited access to authorised personnel. Our systems are secured using the latest generation security technologies and we have the necessary policies and procedures in place to assure data security and integrity to a high standard.
Although ForgeRock is not certified with the Department of Commerce, we follow (wherever possible) the EU-US Privacy Shield Frameworks regarding the collection, use, and retention of Personal Information from European Union member countries via our hosted systems. To learn more about the Privacy Shield Principles, please see here.
8. WITH WHOM DOES FORGEROCK SHARE YOUR PERSONAL INFORMATION
We may share your Personal Information with our suppliers, training partners, conference or event hosts (to verify your identity when you arrive), our external recruiters, our background-security-check partners, with our consultants and contractors who provide services on our behalf such as web site hosting, public relations, mailing (campaign), answering customer questions or service matters, issuing notifications and sending information about our special offers and the services we offer. We provide those companies with only the necessary amount of Personal Information they need to deliver our service and only where there is a legitimate reason to do so. Where this reason involves your consent, we will ensure that we obtain it and do not share Personal Information where we do not have permission to do so.
We may share aggregate information, which is not personally identifiable, with other organizations. This information may include usage and demographic data, but it will not include Personal Information.
All of our partners, suppliers and contractors are legally obliged to maintain your Personal Information confidentiality at all times and that they are not to use your Personal Information in any way other than to provide you with ForgeRock products and services that you have consented to be provided unless there is another legitimate legal purpose to do so.
On occasion, ForgeRock may also make your Contact Information available to our partners offering ForgeRock products or services which we feel will be of interest to you to provide a better service.
In some circumstances, we may provide targeted lists of names as well as offline and online Contact Information for marketing purposes to a third-party agent acting on our behalf. Should this be the case, the third party will be subject to ForgeRock policies and will have a clear contracted purpose. You have the right not to allow us to share your Personal Information with these third parties and can explicitly opt out of this when registering your preferences. Alternatively, you can send an email to [email protected] where we will update this information for you.
Some of our vendor partners may require the Personal Information of ForgeRock-University students who attend their vendor classes hosted by ForgeRock University. This Personal Information may include student name, company name, email, and exam rating / result as well as a unique student identifier.
Our subsidiary and affiliate companies, entities into which our company may be merged, or entities to which any of our assets, products, sites or operations may be transferred, will be able to use the Personal Information that you have consented to allow us to use or the Personal Information that is needed to fulfill a legal obligation.
ForgeRock may disclose Personal Information if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the edicts of the law or comply with legal process served on ForgeRock; (b) protect and defend the rights or property of ForgeRock or (c) act in urgent circumstances to protect the personal safety of ForgeRock employees or agents, users of ForgeRock products or services, or members of the public. We will disclose Personal Information in response to a court order or a subpoena or other legal obligation, in response to a specific law enforcement agency's request, or in special cases when we have reason to believe that disclosing this Personal Information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property. You should also be aware that courts of equity, such as Bankruptcy Courts, might have the authority under certain circumstances to permit Personal Information to be shared or transferred to third parties without permission.
9. OUR WEB LINKS, PUBLICATIONS AND SURVEYS
Our web sites may contain links to other sites such as those within the Backstage Marketplace. ForgeRock is not responsible for the privacy practices or content of these sites. We do not knowingly work or collaborate with organizations who do not respect your privacy or our policies and practices.
We encourage our users to be aware when they leave our site that their privacy may be subject to different treatment and kindly ask users to read the privacy statements of each web site to which we may link.
We do not provide external publications (news feeds) apart from the provision of information to certain online blogs which are not in the public domain. We may conduct surveys to improve our services and products but the participation in such surveys is voluntary and we respect your privacy when undertaking them.
From time to time we may invite you to provide information via surveys or customer feedback forms. The participation in these surveys or feedback requests are completely voluntary, you have a choice as to whether to disclose any Contact Information (such as name and email address) and demographic information (such as post or zip code). We use this Personal Information to monitor or improve the use of our website or other products or services.
10. TRANSFERING YOUR PERSONAL INFORMATION FROM EU TO THE US
ForgeRock has its headquarters in the United States. Personal Information we collect from you, may be processed in the United States. The United States has not sought nor received a finding of adequacy from the European Union under Article 45 of the GDPR for data transfers and Privacy Shield.
ForgeRock relies on derogations for specific situations as set forth in Article 49 of the GDPR as the basis for such transfers. ForgeRock collects and transfers to the U.S. Personal Information only with your consent or to perform a contract with you or to full-fill a compelling legitimate interest of ForgeRock in a manner that does not outweigh your privacy rights.
Where transfers of Personal Information are made, the appropriate legal mechanisms are in place to ensure that Personal Information is treated appropriately and in line with legal requirements for compliance.
11. CHANGES IN OWNERSHIP
If ForgeRock is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
12. CONTACTING FORGEROCK
Any Personal Information we collect is controlled, and as applicable, processed, by ForgeRock, Inc. located at 201 Mission St, Suite 2900, San Francisco, CA 94105. However, the following ForgeRock organisations may also act as a data controller or processor of your Personal Information, depending on the products or services you are using and where you are located:
- ForgeRock, Inc., 201 Mission St, Suite 2900, San Francisco, CA 94105, USA
- ForgeRock US, Inc. 201 Mission St, Suite 2900, San Francisco, CA 94105, USA
- ForgeRock Limited, 60 Queen Square, Bristol, BS1 4JZ, United Kingdom
- ForgeRock Deutschland GmbH, c/o Taylor Wessing, Am Sandtorkai 41, 20457 Hamburg, Germany
- ForgeRock France, 55 Rue Blaise Pascal, 38330, Grenoble, Montbonnot, France
- ForgeRock AS, Lysaker Torg 2, 1366 Lysaker, 02119 Baerum, Norway
- ForgeRock AUS PTY. LTD., c/o Maddocks, Collins Sq Tower Two, Level 25, 727 Collins Street, Melbourne VIC 3000, Australia
- ForgeRock SGP, Pte. Ltd., c/o RHT Corporate, 6 Battery Road, #10-01, Singapore 049909
- ForgeRock NZ Limited, c/o Ilumin Limited, Level 1, 79 Taranaki Street, Te Aro, Wellington 6011, New Zealand
- ForgeRock AB, c/o BTR Accounting & Payroll Service AB, Grev Turegatan 21, 114 38, Stockholm, Sweden
- ForgeRock Canada Inc., 550 Burrard Street Suite 2300, Bentall 5, Vancouver BC V6C 2B5, Canada
If you have any inquiries or complaints about our handling of your Personal Information or about our privacy practices in general, please contact us at [email protected], or alternatively please send a letter to ForgeRock Attention: Chief Privacy Counsel, 201 Mission St, Suite 2900, San Francisco, CA 94105
We will respond to your inquiry within thirty days to answer your request or to inform you when we will answer. If we are unable to satisfactorily resolve your complaint, or if we fail to acknowledge your complaint, you can submit your complaint to our legal department, which provides a dispute resolution service based in the United States at no cost to you. If neither party resolves your complaint, you may pursue your case with the Supervisory Authority of the member state in the jurisdiction that ForgeRock entity is established.
13. NOTIFICATION AND CHANGES
If we change our Privacy Statement, we will post the changes on this page so our users are aware of the changes, however, users should check this page frequently to keep abreast of any changes.
For further enquiries about this Statement, please contact:
ForgeRock – Chief Privacy Counsel 201 Mission St, Suite 2900 San Francisco, CA 94105 T: +1-415-599-1100
This privacy statement was updated in May 2018