Global Privacy Statements

Ping Identity Privacy Statements

Last Updated: October 9, 2023

At Ping Identity we understand that while your privacy may be important to us, it is even more important to you, which we assume is why you are here reading this. First off, we want to welcome you to our site, and we appreciate you taking the time to read our Privacy Statement. If you take anything away from this Statement, please let it be this: we are committed not only to protecting your privacy but also to respecting your rights. If you have any questions or want to contact our Privacy Officer, you can always email the Ping Identity privacy team at privacy@pingidentity.com.

This information is being provided by Ping Identity Corporation for itself and its affiliates, (collectively, “Ping Identity”).

Ping Identity
1001 17th Street
Suite 100
Denver, CO 80202 USA

Please note that we process personal information both for our own purposes (as a “controller”) and in connection with our identity and access management solutions. When processing data for customers in connection with our solutions, we act as a data processor (also known as a service provider or contractor) for our customers with respect to the information pertaining to their employees, consumers or end users captured by our solutions. We classify the personal information processed in connection with our solutions as “Customer Data.” We are deeply committed to protecting Customer Data and we have a dedicated Customer Data Privacy Statement that explains our practices when we are a data processor.

Ping Identity Privacy Statement

This Privacy Statement describes our practices with respect to the personal information we collect from professionals and other individuals who interact with us directly, such as visitors to www.pingidentity.com and other Ping Identity websites.

1. Our Collection, Use and Disclosure of Personal Information

Ping Identity collects personal information from individuals who interact with us directly through our online sites, mobile apps or at trade shows, or business meetings. We only collect personal information when we have a legal basis for doing so.

“Personal Information” or “PI” is any information that can be used to identify, locate or contact you. It also includes other information that may be associated with your name or other identifiers. The chart below describes the categories of personal information we collect, the sources of that information, the reasons we collect it, and the types of people to whom we may disclose the information.

Please note that we may use and disclose any personal information for our “Everyday Business Purposes” as permitted by law. We may also disclose any personal information to our affiliates and to the service providers and contractors that need to use the information to provide services to us. We have contracts with these companies that require them to protect our information and to comply with law. We may also disclose any information if we have your consent or when required by law, such as in response to a subpoena or to law enforcement agencies and courts in the United States and other countries where we operate.

We do not sell any personal information for monetary consideration. We share personal information for online targeted advertising, including cross-contextual behavioral advertising, as indicated in the chart. You can opt-out of this sharing at any time by exercising Your Privacy Choices.

¹ Everyday Business Purposes encompasses the Business Purposes (as defined by California law) and following related purposes for which any personal information may processed:

• To provide the information, product or service requested by the individual or as reasonably expected given the context in which the personal information was collected (such as customer credentialing, providing customer service and preference management, providing product updates, bug fixes or recalls, and dispute resolution)
• For identity and credential management, including identity verification and authentication, system and technology administration
• To protect the security and integrity of systems, networks, applications and data, including detecting, analyzing and resolving security threats, and collaborating with cybersecurity centers, consortia and law enforcement about imminent threats
• For fraud detection and prevention,
• For legal and regulatory compliance, including all uses and disclosures of personal information that are required by law or for reasonably needed for compliance with company policies and procedures, such as: anti-money laundering programs, security and incident response programs, intellectual property protection and anti-piracy programs, and corporate ethics and compliance hotlines,
• For corporate audit, analysis and reporting,
• To enforce our contracts and to protect against injury, theft, legal liability, fraud or abuse, to protect people or property, including physical security programs
• To de-identify the data or create aggregated datasets, such as for consolidating reporting, research or analytics,
• To make back-up copies for business continuity and disaster recovery purposes, and
• For corporate governance, including mergers, acquisitions and divestitures.

Please note that we may also use and disclose information about you that is not personally identifiable. For example, we may publish reports or create products that contain de-identified, aggregated or statistical data. These reports and products do not contain any information that would enable the recipient to contact, locate or identify you.

2. Your Privacy Rights and How to Exercise Them

Ping Identity respects your rights to access, correct and request erasure or restriction of your personal data as required by law. Depending on your country or state of residence, these rights may include:

• The right to be informed about our collection, use and disclosure of your personal information,
• The right to know if we maintain your personal information, and if we do, to access that information (subject to the rights of others) and to request that we provide your information in a portable format,
• The right to ask us to correct your information if it is incomplete or incorrect,
• The right to ask that we delete your personal information, and
• The right to object to our processing of your personal information, including the rights to object to:
  • the sale of your personal information,
  • the sharing or use of your personal information for certain types of online targeted advertising,
  • the use of profiling or automated decision-making which might significantly affect you,
  • if we are processing your personal information based on your consent, to withdraw your consent at any time.

To learn more about the specific rights that you have and to exercise your rights, please visit our privacy rights portal at Your Privacy Choices. You can also contact the Ping Identity Privacy Office at privacy@pingidentity.com.

Please understand that these rights are subject to some limitations. For example, we may require documentation to support certain corrections to your information, and we generally cannot restrict or delete personal information in those situations where our retention is required for our internal business purposes or to comply with law.

We will not retaliate against you if you exercise your privacy rights.

3. Analytics, Profiling and Automated Decision-Making

We may use analytics to understand how individuals interact with our products, websites and apps. These analytics products allow us to improve our products and give us insights for product development and personalization. We also use analytics for security and fraud prevention. Other than as described in our Career Center Privacy Statement, we do not use profiling or automated decision-making tools to make decisions that produce legal or similarly significant legal effects for you; any such decisions are subject to human review.

4. Information Security

We have an information security program that is reasonably designed to protect the confidentiality and security of all the personal information that is entrusted to us. Our security safeguards protect against unauthorized access, improper use, alteration, destruction or accidental loss. Our service providers and data processors are contractually required to implement appropriate security controls.

5. Data Retention

We will retain your personal information for as long as the information is needed for the purposes listed above and for any additional period that may be required or permitted by law, such as for business, legal, accounting, or reporting requirements. The length of time your personal information is retained depends on the purpose(s) for which it was collected, how it is used, and the requirements we have under applicable laws. If you would like us to delete your personal information, please see Your Privacy Choices for information about how to submit a deletion request. If we do not have a legal basis for retaining your information, we will delete it as required by applicable law.

6. International Transfers of Personal Information

Ping Identity is a global family of companies, headquartered in the United States. If you reside outside the US, your personal information may be processed or stored in the United States or other countries which may not have equivalent privacy or data protection laws. However, regardless of where your personal information is transferred, we will protect it in accordance with this Privacy Policy and applicable law.

Where required, we use approved Standard Contractual Clauses and other approved data transfer mechanisms to assure that personal data is adequately protected. Please contact the Ping Identity Privacy Office at privacy@pingidentity.com if you would like more information about cross-border transfers or to obtain a copy of any applicable Standard Contractual Clauses.

7. Our Commitment to Data Privacy Framework

Ping Identity complies with the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Ping Identity has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Ping Identity has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern To learn more about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/s/. To view our Data Privacy Framework certification, please visit https://www.dataprivacyframework.gov/s/participant-search.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Ping Identity commits to cooperate and comply, respectively, with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

The United States Federal Trade Commission has jurisdiction over Ping Identity’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Data Privacy Framework compliance not resolved by any of the other DPF mechanisms. See the link to Annex I of the DPF Principles for additional information: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

Ping Identity may have liability in the case of onward transfers to third parties.

If you have an inquiry or a complaint regarding our Data Privacy Framework compliance program, please contact us via email to privacy@pingidentity.com. We will respond within 45 days.

Ping Identity may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

8. Information for Job Applicants and Staff

If you are a prospective, current, or former Ping Identity employee, your personal information is used for customary human resources purposes. Job applicants can read our Career Center Privacy Statement. You can also contact the Ping Identity Privacy Office at privacy@pingidentity.com for more information about our HR Privacy Program or visit our privacy rights portal at Your Privacy Choices to learn how to exercise your privacy rights.

9. Links to Other Websites

Our websites contain links to other websites for your convenience and information. We may also provide links that allow you to access and interact with other companies that are not affiliated with Ping Identity, such as our partners. When you intentionally interact with another company through these links, that company’s own policy will govern the personal information that you provide. We suggest you review each company’s privacy policies before you submit personal information to them. We are not responsible for the privacy practices of companies that are not affiliated with Ping Identity.

10. Changes in Ownership

If Ping Identity is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.

11. Updates to our Privacy Policy

We may update this Privacy Policy from time to time. We will post an alert online if the changes are material, and we will use good faith efforts to post these changes at least 30 days before they come into effect. If the changes will materially affect the way we use personal information that we have already collected, we will notify you.

Cookies and Online Privacy Statement

When you visit our website or use our mobile applications, we collect certain information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons. In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way. For example, we use information we collect about all website users to optimize our websites and to understand website traffic patterns.

In some cases, we do associate the information we collect using cookies and other technology with a unique identifier. Our PIng Identity Privacy Policy governs how we use this personal information.

We do not sell any personal information for monetary consideration. We do share personal information for online targeted advertising, including cross-contextual behavioral advertising, as indicated in the chart in our Privacy Policy. You can opt-out of this sharing at any time by exercising Your Privacy Choices.

This Cookies and Online Privacy Statement provides more information about our collection and use of Online and Technical Information.

We collect personal information and non-personal information using cookies. A “cookie” is a text file that websites send to a website visitor’s computer or device to uniquely identify the visitor’s web browser and to store information or settings in the browser. You can control cookies by changing your browser’s setting.

Our websites use four kinds of cookies:

• Strictly necessary cookies, which are required for our website to operate properly. For example, strictly necessary cookies allow you to put items in your online shopping cart and carry them through checkout. Some strictly necessary cookies are used to help ensure the security of our websites.
• Preference cookies, which allow us to recognize your computer when you visit and respect your preferences. For example, these cookies may store your username (if you ask to be remembered).
• Statistics cookies, which measure how our site works and track usage, such as which pages your visit and how long you spend there. These cookies may be placed by us (or by our service providers) or by our third party advertising partners. We place these cookies to optimize our websites and to improve website performance. Third parties use these cookies to analyze which ads you may have seen.
• Marketing cookies, which allow us and our partners to display personalized ads to you on our site and on other websites that you visit. For example, if you look at products on our website, we use advertising cookies to allow our partners to deliver our ads to you for those products on other websites. You may see other companies’ ads on our website delivered by our advertising partners.

When you visit our websites, we will always place strictly necessary cookies. You have choices about preference, statistics and marketing cookies. You can use our Cookie Management Platform to control which of these cookies you wish to accept or to reject all non-necessary cookies. If you exercise your rights to tell us not to sell/share your information to not to use your information for online targeted advertising, we will refrain from placing third party performance cookies and advertising cookies on your browser.

Our websites use Pixel Tags. Pixel tags, also known as tracking pixels, web beacons or clear GIFs, are tools used to transmit information to our service providers’ or partners' servers. When you visit a website or open an email that contains a web beacon, that tool will instruct your browser to transmit information such as your IP address, device details, time of the activity, and nature of the activity (e.g., email read, web pages visited) to us. These tools allow us to measure response to our communications and to improve our websites. They also enable partners to compile information about your browsing activity on the websites for personalization and online targeted advertising. If you exercise your rights to tell us not to share your information or not to use your information for online targeted advertising, we will refrain from placing pixel tags on your browser.

Our websites may use other tracking methods. Our websites may use other types of tracking and analytics tools, such as keystroke analytics. These tools allow us to recognize devices, even if you have rejected cookies, but they are only used for security and fraud detection purposes. For example, we use these tools to detect bots and other threats. We do not sell or share the information collected using these tools, and we do not use this information for online targeted advertising.

Our websites collect personal information using Server Logs. A server log is a text file that records activities on our web services. When you visit a website, we log the date and time of your visit, the device you use to access our website, your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs also record the IP address of the device you use to connect to the Internet. An IP address is a unique identifier that devices use to identify and communicate with each other on the Internet. We may also collect information about the website you were visiting before you came to Ping Identity and the website you visit after you leave our site. We use this information in aggregate, such as to analyze website traffic patterns and to better understand website user behavior generally. We also use the information for security purposes, to detect threats, and for fraud prevention. For example, we may block login attempts coming from countries where we do not do business. We do not sell or share the information collected by our logs, and we do not use this information for online targeted advertising.

Our websites use third party analytics services, such as Google Analytics. Analytics services help us understand how people use our websites. In some cases, these services are provided by companies that act as service providers for us, meaning that they do not use the information collected for their own purposes. In other cases, the company may combine information collected from users of our websites with information collected from other websites. You have the right to opt-out of having your data combined by these third parties. You can use our Cookie Management Platform to reject all non-necessary cookies. If you exercise your rights to tell us not to sell/share your information for online targeted advertising, we will also refrain from placing third party cookies on your browser.

Additional information about the third party analytics companies that collect data on our websites:

• To learn more and opt out of data collection through Google Analytics:
  https://support.google.com/analytics/answer/181881?hl=en

Our websites integrate with Social Media Platforms. Our websites may enable you to interact with us and others via social media platforms, such as Facebook, Twitter, YouTube, LinkedIn and Instagram. We may also allow you to login to our websites using social media platform credentials. While we respect each social media platforms' privacy policies, we may collect personal information about you and your friends if you choose to use these tools. If you engage with our content on or through a social media site, you may allow us to have access to certain information associated with your social media account (e.g., name, username, email address, profile picture).

Additionally, social media platforms collect persistent identifiers through your browser or mobile operating system, so they may collect information about your use of our websites. If you have previously provided personally identifiable information to these platforms, the platform operators may recognize you here. Your use of social network plugins is subject to each social media site’s privacy policy. For more information, please read the privacy policies posted by the social media platforms that you use.

We may also display interest-based ads to you when you are using social media platforms. These platforms allow us to personalize the ads that we display to you. We may convert your email address into a unique number which can be matched by the platform with its user to allow delivery of the advertising. You can opt-out of online targeted advertising by exercising Your Privacy Choices.

Your Privacy Choices

Welcome to the Ping Identity privacy rights portal. This page tells you how to exercise your privacy rights with respect to the personal information that we collect for our own business purposes.

• DO NOT SELL. You have the right to opt-out of our sale of your personal Information, however, Ping Identity does not sell your personal information for monetary consideration. To opt-out of sharing in connection with online targeting: Cookie Management Tool
• DO NOT SHARE. You have the right to opt-out of our sharing of your information for cross contextual behavioral advertising. To exercise this right: Cookie Management Tool
• ONLINE TARGETED ADVERTISING. You have the right to object to our use of your information for online targeted advertising. To exercise this right: Cookie Management Tool
• PROFILING AND AUTOMATED DECISION-MAKING. You have the right to object to our use of profiling and/or automated decision that significantly affects you, however, Ping Identity does not use any profiling or automated decision-making tools that significantly affect individuals.
• MARKETING OPT-OUTS. You have the right to opt-out of our marketing and commercial communications. To exercise this right:
  • To opt-out of emails, click the link labeled “unsubscribe” at the bottom of any email we send you.
  • To revoke permissions that you may have given to send text messages, text STOP in response to any message.

If you have more than one email address or if you have changed your email address, please email privacyrequests@pingidentity.com for assistance with changing your marketing preferences. You can also visit our Email Preference Center. Also, please note that even if you opt-out of commercial emails, we may still need to contact you with important transactional information about your account.

• SENSITIVE PERSONAL INFORMATION. California residents have the right to limit secondary uses and disclosures of sensitive personal information. In general, Ping Identity only uses and discloses sensitive personal information as needed to fulfill the purpose for which it was collected, but if you have provided us with sensitive personal information, please email privacy@pingidentity.com to request restriction of this information. You can learn more in our California Privacy Rights Supplement. Please note that exercising this right will not impact our continued use or disclosure of the information as permitted by California law.
• ACCESS REQUESTS. You have the right to request a copy of the personal information that Ping Identity maintains about you. To exercise this right, please complete this form. We will provide you with access to your information as required by law. In some cases, we may need to contact you to verify your identity.
• CORRECTION REQUESTS. You have the right to request that we update or correct your personal information. To exercise this right, please complete this form. We will process your request as required by law. In some cases, we may need to contact you to verify your identity.
• DELETION REQUESTS. You have the right to request that we delete or anonymize your personal information. To exercise this right, please complete this form. We will process your request as required by law. In some cases, we may need to contact you to verify your identity. Please understand that Ping Identity cannot delete personal information in those situations where our retention is required for our Ping Identity’s internal business purposes or otherwise permitted by law (such as for fraud prevention or legal compliance).
• INQUIRIES AND COMPLAINTS. You have the right to ask us about our privacy practices or to lodge a complaint if you believe that we have violated your privacy rights or failed to properly secure your personal information. To exercise these rights, please email your specific question or concern to privacy@pingidentity.com. We take all complaints seriously, and we will do our best to be responsive to your concerns.

Customer Data Privacy Statement

This privacy notice applies to the personal information processed by Ping Identity in the course of providing identity and access management solutions to our customers, (collectively, “Customer Data”). Ping Identity is committed to protecting the privacy and security of all Customer Data that we process as a “data processor” or “service provider/contractor” to its customers.

Please be assured that we only use personal information in Customer Data as needed to:

• Provide the products, content or services described in our customer contracts,
• Improve our products and for quality control, including to create anonymized and aggregated data sets for research and analytics, as permitted by our customer contracts,
• Prevent, detect or investigate data security threats and protect against malicious, deceptive, fraudulent or illegal activity, and
• Manage our everyday business needs, such as website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance.

We do not sell, share or use Customer Data for targeted marketing purposes. This means that we do not select or deliver ads to you on our products platforms based on Customer Data. We may deliver generic or contextual ads to you while you use our products or platforms, but we do not target these ads based on your usage of our products or platforms over time.

All Customer Data may be disclosed to our customer. We may also disclose Customer Data with our affiliates, which only use the Customer Data for the purposes listed above, and with our service providers and contractors, who are bound by law or contract to protect the Customer Data and only use it as needed to provide the services requested. We will also disclose Customer Data when required by law, such as in response to a subpoena, including to law enforcement agencies and courts in the United States and other countries where we operate.

No mobile information, including text messaging originator opt-in data and consent, will be shared with third parties/affiliates for marketing/promotional purposes.

If you have questions about your privacy rights, please contact the company with whom you have a direct relationship. If you believe that Ping Identity has not handled your personal information properly, you may also contact the Ping Identity Privacy Office via email to privacy@pingidentity.com.

Supplemental Privacy Statements

You will find the following policies on our Supplemental Privacy Policy page:

• Additional Information for EEA, Swiss and UK Residents
• Additional Information for California Residents
• Ping Identity Career Center Privacy Statement