Asgardeo takes Your privacy seriously. This privacy policy explains what information we collect when You visit https://wso2.com/asgardeo , https://console.asgardeo.io/ or https://myaccount.asgardeo.io/ and how we treat that information. Asgardeo is owned by WSO2 LLC. (“WSO2”) and whenever the terms “we” “us” or “our” appear in this policy, we’re talking about WSO2 and its subsidiary companies. When we use “You” and “Your” in this policy, we mean the person or entity visiting our site or using the services on it.
We may obtain information from other sources and combine that with information we collect through our services. For example if You create or log into Your account through one of our integration partners (such as Google or Github), we will have access to basic information from that sign-on service, such as Your email and account information.
When You create applications using Asgardeo, You may choose to integrate with various third party services (like messaging services, email or calendar services). In those scenarios, Asgardeo’s access to the third party service will be limited to performing the functions that You specify. Asgardeo doesn’t store any data that resides on these third party services nor does it access that data in any way outside of Your instructions. Asgardeo’s use of information received from Google APIs will adhere to the Google API Services User Data Policy.
If you visit our site in order to apply for particular careers vacancy or to get notifications of any future careers updates, then you may also be asked to upload your resume or curriculum vitae.
We also collect certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, access times, and referring website addresses.
We use the data we collect to,
We don’t sell Your information to anyone.
We do share Your information within the WSO2 group, because our affiliate entities also help provide our services. WSO2 LLC is located in the United States of America. Our affiliates are WSO2 (UK) Limited (located in the United Kingdom), WSO2 Lanka (Private) Limited (located in Sri Lanka), WSO2 Brasil Tecnologia E Software Ltda (located in Brazil), WSO2 Germany GmbH ( located in Germany) and WSO2 Australia Pty Limited ( located in Australia) and other entities we may add on our Contact Us page from time to time.
Data transferred from the European Union to the United Kingdom is on the basis of an adequacy decision issued by the EU commission with regards to data transferred to the United Kingdom. Data transferred from the European Union and United Kingdom to other affiliate entities located around the world is transferred on the basis of Data Transfer Agreements containing Standard Contractual Clauses set out by the European Commission and the United Kingdom. These clauses guarantee certain levels of physical, administrative and technical safeguards of Your data.
WSO2 has also certified to the US Department of Commerce that it adheres to the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov. However we do not currently rely on the Privacy Shield program for our cross border data transfers, in line with EU regulations.
We may share data with verified technology partners who provide additional services that enhance our services. Your information may also be visible to our service providers who help us run our platform and provide certain services, such as our customer support platform, marketing, analytics and CRM tools. They are only authorized to use information that is strictly relevant for them to perform their tasks, and we make sure that they are under obligations of confidentiality and security to us so that Your data is secure. Our hosting provider is Microsoft Azure. To see more details on how MS Azure protects Your privacy visit https://azure.microsoft.com/en-us/support/legal/. If You use our paid services, we also use a third party payment card processor. We don’t actually see any of Your payment card information and this goes directly to Your payment card processor.
We may also release Your information when we believe release is appropriate to comply with the law, enforce our privacy policy or protect ours or others’ rights, property or safety.
We will only collect and process personal data about You where we have lawful bases. Lawful bases include consent (where You have given consent on one of our forms), contract (where processing is necessary for the performance of a contract with You) and legitimate interests (such as to protect You, us, or others from security threats, comply with laws that apply to us and to administer our business through consolidated reporting, or marketing our services etc.) See the “WHAT ARE YOUR RIGHTS TO YOUR PERSONAL INFORMATION?” section below if You wish to withdraw Your consent or object to any processing of Your personal data.
We implement industry standard security safeguards designed to protect Your data. We encrypt all data at rest (including credentials/tokens to external systems). All our data transfers are done securely through encrypted channels using Transport Layer Security (TLS) technology. We regularly monitor our systems for possible vulnerabilities and attacks and conduct testing. However, we cannot warrant the security of any information that You send us. There is no complete guarantee that data may not be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or administrative safeguards.
We store the information we collect about You for as long as is necessary for the purpose(s) for which we originally collected it. For instance, we may retain Your information during the time in which You have an account to use our website or services. We also may retain Your information during the period of time needed for WSO2 to pursue our legitimate business interests, comply with our legal obligations, resolve disputes, and enforce our agreements. At the end of these periods, we ensure that Your data is deleted securely using an industry standard methodology.
WSO2 acknowledges Your right to access Your data. If information pertaining to You as an individual has been submitted to us then You have the right to access, correct, or edit Your data. If You wish, we can provide all the personal information on our records to You or to someone You nominate in a portable format as well.
You can ask us to stop using all or some of Your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if Your personal data is inaccurate or unlawfully held).
You may also choose to delete Your data from our website or service at any time You choose, and unsubscribe from any Asgardeo mailing lists You are on. You can unsubscribe from our emails by clicking on the unsubscribe link which is at the bottom of every marketing email we send. You can click on Your account within the Asgardeo user portal, which will let You do certain functions like updating your profile, managing consents, managing sessions, and, adding security to Your account or You can reach out to us at [email protected] if You wish to delete Your account.
We only ever retain Your personal data after You have ceased using our services, or sent us a request to unsubscribe or delete Your data if it is reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfill Your request to “unsubscribe” from further messages from us.
When You choose to integrate certain functionalities with sites or applications outside of WSO2, you are bound by the terms of the particular site or application.
We reserve the right to amend this Privacy Policy at any time. We will not send individual email notifications on the updates. Any amendments will be posted on this page. You are therefore encouraged to visit this page periodically.
By using our website and services, You consent to our Privacy Policy and any revisions thereto. If You do not agree with our privacy policy or any changes we make to it, You may delete Your profile.
For further information about our privacy policy or any concerns or complaints, please contact our Data Protection Officer at [email protected] or for Asgardeo specific requests email [email protected].
If You are located within the European Union, the United Kingdom or the European Economic Area, WSO2 (UK) Limited will be the controller of Your personal data provided to, or collected by or for, or processed in connection with our services, unless specified otherwise in writing by us. If You have any issues with regard to Your data security on our website, then in addition to informing us, You also have the right to write directly to the independent data protection monitoring organization in Your country. Within the UK, this is the Information Commissioner's Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Please do email our data protection officer at [email protected] if You have any issues, concerns or questions regarding Your personal data and we are happy to help.
California residents may view WSO2's California-specific privacy policy at https://wso2.com/california-privacy.
Effective October 7, 2021