Privacy Statement effective as of December 2, 2024
Proofpoint understands the importance of safeguarding your privacy and we take this responsibility very seriously. The Proofpoint Privacy Statement (“Privacy Statement”) is designed to help you understand how we process personal information, and how you can access and control this data.
Proofpoint, Inc., headquartered at 925 W. Maude Ave, Sunnyvale, CA 94085, (https://www.proofpoint.com/us/leadership-team) is responsible for the management of the personal data within its organization. Proofpoint offers a range of products and services to customers throughout the world and includes those offered by any of its affiliated companies (collectively "Proofpoint") through its applicable websites (the "Site") or in connection with our products and/or services (the "Proofpoint Service").
Proofpoint is a cybersecurity company specializing in helping organizations protect against advanced cybersecurity threats and compliance risks. The Proofpoint Service resides between the email service provider and customer, acting as a filter to stop harmful content from reaching its customers. Proofpoint is not an email service provider, meaning that we do not provide customers with the ability to send or receive emails. We are also not a domain host and do not manage domain names.
Access to the Proofpoint Service is provided to you through an organization with which you are affiliated, such as an employer or school. That organization controls your use of the Proofpoint Service and the data that is transferred to Proofpoint for processing. You may also provide personal information to Proofpoint through use of the Site, blogs, marketing requests, and use of the Proofpoint Service.
By proceeding to use the Site and/or the Proofpoint Service, you consent that we may process the personal data that we collect from you in accordance with this Privacy Statement.
Information We Collect and How We Use It Proofpoint uses the data we collect through manual and automated methods to protect you and your organization against advanced email threats. This includes:
- Providing our products, services, and customer support,
- Improving and enhancing our products and services, including our threat-detection capabilities,
- Continuing to develop threat intelligence to safeguard your organization’s important information,
- Advertising and marketing to you and/or representatives at your organization, and
- Delivering the superior privacy and cybersecurity protection that you expect of Proofpoint.
Contact Information You Give Us
You may directly give us your contact information in the following ways: (i) if you sign up for a free trial via www.proofpoint.com, (ii) sign up for offers on the Site, (iii) sign up for newsletters, (iv) download white papers from the Site, (v) respond to a promotion offered by a Proofpoint partner, or (vi) send us an email. Such contact information includes first and last name, title, company name, industry type, mailing address, telephone number, fax number, email address and company size ("Contact Information"). We may also collect information about your mailbox size, which will allow us to classify your company by size and provide customized information about implementing the Proofpoint Service within your organization. We may combine your Contact Information with information collected from others to improve the quality and value of the Proofpoint Service and to analyze and understand how our Site is used.
We will use the Contact Information provided to us directly by you to: (i) carry out our obligations arising from any contracts between you and Proofpoint; (ii) provide you with the services, products, and/or information which you have requested from us; (iii) notify you about changes to our services or products; and (iv) ensure that content from our Site is presented in the most effective manner for you and your device. We may also use your Contact Information to contact you with certain marketing or promotional materials, as well as other information that may be of interest to you. If you no longer consent to our use of your Contact Information to send you our newsletter or other communications, please send us an email stating so to privacy@proofpoint.com or follow the unsubscribe instructions provided in any of the communications.
We will retain your information for as long as your account is active or as needed to provide you the Proofpoint Service. If you wish to cancel your account or request that we no longer use your information to provide you the Proofpoint Service, please contact us at privacy@proofpoint.com. Please note that we may still retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Personal Data You Post On Our Blog
If you use the blog on this Site, you should be aware that any personal data you submit there can be read, collected, or used by other users of these blogs, and could be used to send you unsolicited messages. We are not responsible for the personal data you choose to submit in these blogs. To request removal of your personal data from our blog, contact us at privacy@proofpoint.com. In some cases, we may not be able to remove your personal data, in which case we will inform you if we are unable to do so and why.
Customer Testimonials We Collect From You
We may post customer testimonials/comments/reviews on our Site which may contain personal data. We will not post a testimonial from you without obtaining your prior consent.
Log Data and Personal Network Information We Collect From You
When you visit the Site, we automatically collect technical and statistical data about your visit, such as your browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data, the pages you visit and any search terms you use ("Log Data"). We also collect your public IP address when you visit the Site. We may use your public IP address in order to determine whether certain requests are fraudulent or frivolous and we may automatically cross-reference your public IP address with your domain name (usually the domain name of your ISP or employer). Because you may be visiting the Site from your personal residence (for example, because you are telecommuting), your IP address and any associated domain name are treated as "Personal Network Information" instead of Contact Information. Log Data does not include Personal Network Information. Although such Personal Network Information may be used to administer and maintain the Site, it is not shared with any third parties, except as described below in the sections titled "Service Providers," "Compliance with Laws and Law Enforcement" and "Business Transfers." We will use Log Data for any purpose.
We may also use your Log Data and Personal Network Information to: (i) administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes; (ii) improve our Site to ensure that content is presented in the most effective manner for you and for your device; (iii) allow you to participate in interactive features of our service, when you choose to do so; and/or (iv) as part of our efforts to keep our Site safe and secure.
Legal Basis For Processing Personal Information (EEA visitors only)
Our Site contains links to other websites. If you click on a third-party link you will be directed to that third party's website. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personally identifiable information from you. This Privacy Statement addresses the use and disclosure of information that we collect from you through this Site. Other sites follow different rules regarding the use or disclosure of the personally identifiable information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit. The fact that we link to a website is not an endorsement, authorization, or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices.
Aggregated Information
After removing any information that would personally identify you from within the set of Contact Information, Personal Network Information, and Log Data we collect from you, we may combine that information with information we collect from other Proofpoint users and customers (collectively, the "Aggregated Information") to improve the quality and value of Proofpoint Services and to analyze and understand how our Site is used.
Cookies / Tracking Technologies
Proofpoint and our partners, affiliates, analytics, or service providers use cookies and other similar technologies.
We use cookies and similar technologies for storing your preferences and settings, enabling user sign in, to pre-fill a contact form should a user engage with Proofpoint marketing collateral, analyzing trends, authentication, administering the site, analyzing how our products perform, and fulfilling other legitimate purposes. We may receive reports based on the use of these technologies by our analytics or service providers on an anonymous individual as well as aggregated basis. Proofpoint does not use cookies or other similar technologies for targeted advertising.
Users can limit and control the data collected by cookies or other similar technologies at the individual browser level. If you reject cookies, you may still use our Site, but your ability to use some features or areas of our Site may be limited.
Behavioral Targeting / Re-Targeting
We partner with a third party to either display advertising on our Site or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this Site and other sites to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by going to https://optout.networkadvertising.org (or if located in the European Union please go here https://www.youronlinechoices.eu). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
The Proofpoint Service
The Proofpoint Service is designed to protect and secure our customers from malicious attacks such as phishing, targeted impersonation, ransomware, keylogging, and remote access trojans (RATs). The Proofpoint Service employs a variety of techniques such as threat prevention, detection and analysis, fraud prevention, regulatory and compliance archiving, and cyber security awareness training to protect our customers and their data. Depending on the Proofpoint Service, we may process the following types of personal data: user names, email addresses, IP addresses, phone numbers, message content of an SMS, MMS, or RCS message reported by you as spam, social media account login credentials, and user information such as department, job position and location.
Information Sharing and Disclosure
Proofpoint may share your personal data with your consent, or to provide the products and services requested by your organization. We may also share information as required by law, to maintain the security of our products and services, and to protect the rights and property of Proofpoint and/or its customers. If you have questions or concerns regarding the information shared as set forth in this Privacy Statement, please contact our Customer Support at privacy@proofpoint.com.
Marketing Purposes
Where you have consented, we may from time to time share your Contact Information (name, email address, phone number) with our authorized channel partners so that they can provide you with information on goods or services that may be of interest to you. You can, at any time, update your information and/or opt out of receiving such communications by making your choice known on the form on which we collected your data or by filling in your information and modifying "your communication opt out preferences." Before we share personal information, we enter into written agreements with recipients which contain data protection terms that safeguard your data.
Analytics Purposes
We may share Aggregated Information (after removing information that would personally identify you) and Log Data with third parties for industry analysis, demographic profiling, and other purposes.
Service Providers
With your consent, or the consent of the organization through which you are accessing the Proofpoint Service, we may from time to time use certain third-party business partners, suppliers, and sub-contractors (including companies and individuals) to perform services, complete transactions, or provide the Proofpoint Service requested by your affiliated organization. This may include, but not be limited to, website hosting, maintenance services, database management, Web analytics, and improvement of the Site's features (“Service Providers”). These Service Providers have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Proofpoint remains liable under applicable law for the processing of your data. If you are routed or otherwise make any web-browsing selection that takes you to another party's website, you will be subject to the terms of such third-party privacy statement for any activities that you conduct while on that third-party service.
Compliance with Laws and Law Enforcement
Proofpoint cooperates with government and law enforcement officials and private parties to enforce and comply with applicable law. We may disclose your personal data to government or law enforcement officials or private parties in response to lawful requests if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (such as to meet national security or law enforcement requirements) to enforce or apply our terms and conditions or respond to claims and legal process, to protect the property and rights of Proofpoint or a third party, to protect the safety of the public or any person, or to prevent or stop any illegal, unethical or legally actionable activity (including for the purposes of fraud protection and credit risk reduction). For further information, please refer to the Information Disclosure Statement maintained on our Trust site.
Business Transfers
If Proofpoint is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
Access and Control of Your Information
Proofpoint is committed to maintaining the privacy and security of personal data entrusted to us. You can control the type of information your share directly with Proofpoint and can request that we stop using or sharing that data by contacting our Customer Support at privacy@proofpoint.com.
You have rights to access your personal data under applicable data privacy laws and may correct, amend, or delete the information under certain conditions. Upon request, Proofpoint will provide you with information about whether we hold any of your personal information. If you would like to exercise your right to access, correct, update, or delete your information, please contact our Customer Support at privacy@proofpoint.com. We will respond to your request to access within a reasonable timeframe.
In some cases, your ability to access or control the personal data may be limited by applicable law, contract, or the product you are using. If you seek to access and control the personal data provided to us by your organization, you may contact us at the links provided in this document or our Trust site, or your affiliated organization (the data controller). Please note that Proofpoint has no direct relationship with the individuals whose personal data it processes at the direction of the affiliated organization and reserves the right to contact your organization regarding any requests you may submit to Proofpoint to access, control, or delete the data.
Data retention
Proofpoint retains the personal information it collects from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Security & International Transfer
Proofpoint is a multi-national corporation with cross-border technical systems, intra-group relationships and business processes. If you are located outside of the United States and provide personal data to us, Proofpoint may transfer your personal data to the United States and use it there in accordance with this Privacy Statement.
Proofpoint employs generally accepted standards of administrative, physical, procedural, and technological measures designed to protect your information from unauthorized access, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at privacy@proofpoint.com.
However, please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, although Proofpoint complies with its legal obligations in respect of the security of your personal data, we cannot guarantee its absolute security.
Data Privacy Framework
Proofpoint and its subsidiaries certified to the U.S. Department of Commerce that they adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Proofpoint and its subsidiaries certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland under the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov.
Certification with the Data Privacy Framework means that data can transfer from the EU to the US without the need for further safeguards, including, without limitation, the Standard Contractual Clauses (SCCs).
Proofpoint and its subsidiaries are responsible for the processing of personal data they receive, under the EU-U.S. DPF, DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. Proofpoint and its subsidiaries comply with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Data Privacy Framework, Proofpoint, Inc. may be subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Proofpoint, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Data Privacy Framework website https://www.dataprivacyframework.gov, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Proofpoint and its subsidiaries commit to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship.
Links to Other Sites
Our Site contains links to other websites. If you click on a third-party link you will be directed to that third party's website. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personally identifiable information from you. This Privacy Statement addresses the use and disclosure of information that we collect from you through this Site. Other sites follow different rules regarding the use or disclosure of the personally identifiable information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit. The fact that we link to a website is not an endorsement, authorization, or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices.
Social Media Widgets
Our Web site includes Social Media Features, such as the Facebook Like button and Widgets, such as the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy statement of the company providing it.
Our Policy Toward Children
This Site is not directed to children under 18. If a parent or guardian becomes aware that his or her child has provided us with personal or contact information without their consent, he or she should contact us at privacy@proofpoint.com. If we become aware that a child under 13 has provided us with personally identifiable information, we will delete such information from our files immediately.
Our Global Candidate Privacy Notice
For information on how Proofpoint collects and uses the personal data we collect from employees, external staff and candidates, review our Global Data Privacy Notice for Employees, External Staff and Candidates, available here.
Proofpoint's Trust Site
Proofpoint is committed to the security and privacy of personal data. We maintain a Trust site at https://www.proofpoint.com/legal/trust where additional information about the security measures and procedures applicable to each Proofpoint Service may be found. Proofpoint’s customers will also find on the Trust site a GDPR data processing agreement (including the EU’s Standard Contractual Clauses) for review, download and execution.
Contacting Us
If you have any enquires or complaints about how we use your personal data, please contact us at:
Proofpoint, Inc.
Attn: Data Privacy Officer
925 W. Maude Ave.
Sunnyvale, CA 94085
Email: privacy@proofpoint.com
In the EU, the data controller of your personal information is Proofpoint Limited, which is registered with the Information Commissioner’s Office in the UK. You may also make an anonymous report by using the EthicsPoint hotline, which is hosted on EthicsPoint's secure servers and is not part of the Proofpoint, Inc. website or intranet.
Changes to this Privacy Statement
We may modify this Privacy Statement from time to time to reflect changes to our information practices, so please check back frequently. Any changes to this Privacy Statement will be posted on this page, and, where appropriate (for example, if there are material changes to this statement), we will notify you by email or by means of a notice on our home page.
In this statement, "using" and "processing" information includes using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including without limitation collecting, storing, evaluating, modifying, deleting, using, combining, and transferring information within our organization or among our affiliates within the United States or internationally.
© 2024. All rights reserved. The content on this site is intended for informational purposes only.
Last updated December 02, 2024.