Summary of Updates to SecureAuth Privacy Notices

Privacy Shield Privacy Notice

Summary of updates from January 31, 2023

We have updated our Privacy Shield Privacy Notice to make it easier to understand, but also to provide additional detail and introduce some more substantive changes. With these changes, we hope that you can easily find all the information that you need to understand how we treat your personal data. The changes compared to the version from January 6, 2021 are outlined below.

Key Changes:

Personal data we process. We have included that we process the following additional categories of personal data:

1. Professional information (company/employer);
2. Information about the usage of our services (services metadata, log data, messages, and the date and time the services are used);
3. Information about the user’s device (device type, unique device identifier, operating system, settings, application ID, crash data, browser type and settings, and host address);
4. Location information (from IP addresses); and
5. Information from cookies and other trackers, and any personal data received from other companies’ services.

How we obtain personal data. Previously we stated that we receive your personal data while providing our services to our customers. We have updated the notice to mention that we also receive your personal data from providers of third-party services that integrate with our services, when it is submitted to our websites, when you participate in a focus group, contest, activity, or event, apply for a job, ask for support, interact with our social media, or when you otherwise communicate with us.

The purposes of processing personal data. Our main purpose of processing personal data is to provide our services to our customers. We have now specified more of the purposes that involves, in particular: providing, updating, and maintaining our services, complying with laws, communicating with you, developing additional features, administering and billing accounts, and preventing security issues and abuse.

Who we share personal data with. We have added that, in addition to the previously mentioned types of third parties we usually share personal data with, we also share personal data with marketing software providers.

Privacy Shield. We have clarified that we continue to adhere to the Privacy Shield Principles, but no longer rely on the Privacy Shield for transfers of personal data from outside the EEA, the United Kingdom, or Switzerland. For transfers of personal data subject to the laws of the EEA, the United Kingdom, and Switzerland, we use the latest standard contractual clauses adopted by the European Commission.

How to contact us. We have inserted additional contact details that you can use if you have any questions or concerns about how we process personal data:

• Contact Paul Kincaid, our VP, Information/Product Security & DevOps, by email at privacy@secureauth.com.
• Call us on 1-866-859-1526.