How does Ping Identity comply with the California privacy laws?

We have a comprehensive global privacy and security program to enable compliance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), as well as other applicable California privacy laws. Our policies, procedures, and controls are designed to reflect fair information principles, such as collection limitation, data quality and purposes specification, and provide the foundation for our enterprise privacy and data protection program.

Is Ping Identity a “service provider” or a “contractor” for CCPA purposes?

Yes. Ping Identity is a service provider and a contractor for CCPA purposes. Ping Identity acts a service provider when it processes customer data from our customer as needed to provide the enterprise identity and access management (IAM) products and related security solutions.

Ping Identity also acts as a contractor when it processes customer data for defined business purposes as permitted by California law. The specific business purposes are described below and also in our contracts.

What are the specific business purposes for which customer data are processed?

The specific business purposes for which Ping Identity may process customer data are:

• The provision of identity and access management solutions and related Ping Identity security products and services as described in the customer’s services agreement or other contract terms,
• The following defined business purposes as permitted by the CA Privacy Laws: auditing, ensuring security and integrity, debugging, short term transient use (including as needed to create deidentified data sets for research), performing services, internal research, and undertaking activities to verify or maintain the quality or safety of the Ping Identity’s products and services, and
• The other purposes explicitly permitted by CCPA, namely retaining other service providers and/or subcontractors, for internal use to build or improve the quality of our products and services, to prevent, detect and investigate data security incidents or protect against malicious, deceptive, fraudulent or illegal conducts, and for the purposes enumerated in CA Civ Code section 1798.145(a)(1)-(7).

Does Ping Identity retain, use or disclose customer data for any other purposes?

No. Ping Identity does not retain, use or disclose any customer data other than as permitted by California law. Our contracts explicitly prohibit us from retaining, using, or disclosing the personal information collected from customers or any other purposes.

Does Ping Identity “sell” or “share” customer data?

No. Ping Identity acts as a service provider and a contractor. Ping Identity does not sell customer data or share customer data for marketing or cross contextual behavioral advertising. Ping Identity only retains, uses and discloses customer data as described in our contracts and for those business purposes permitted by CCPA.

Do Ping Identity’s contracts address CCPA requirements?

Yes. Our customer contracts have been updated to include provisions of the CCPA Regulations. We are also monitoring the developments with the CCPA regulators and will further update contracts if necessary to incorporate new or different terms when the regulations are finalized. Legally mandated terms are also included in our contracts with our own service providers and contractors.

How does Ping Identity handle California privacy rights requests?

CCPA provides California consumers with important rights, such as the ability to request access to and deletion of their personal information. Ping Identity assists its customers in handling privacy rights requests for California as required by California law.

We have long supported our European customers that need to respond to requests under the EU GDPR, and we are committed to responding appropriately to customer requests for assistance with access, correction and deletion requests (as applicable) as required by law.

In the event that we receive a request from an individual in our capacity as a service provider or a contractor, we would refer the individual to our customer.

How can I contact Ping Identity about privacy matters?

We are always happy to receive privacy-related questions or comments. You can contact Ping Identity’s Global Privacy Office with any questions via email to privacy@pingidentity.com