Privacy Policy

Last updated: July 29th, 2024

This Privacy Policy describes how Swimlane Inc. (together with its affiliated companies, “Swimlane”, “we”, “our” or “us”) collects, stores, uses and discloses information associated with an identified or identifiable individual (“Personal Data”) when you use our websites (collectively, “Website”), software-as-a-service products and related services (collectively, “Product”), and any other interactions you may have with Swimlane such as attending our webinars and events, applying for a job, or communicating with us directly (collectively, “Services”).
Please note that you are not legally obligated to provide us with any Personal Data. If you do not agree with this Privacy Policy, please do not access or use our Website, Product, Services, or interact with any other aspect of our business.
If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Policy.

Table of Contents

1. Who do we collect Personal Data from?

Customer Personnel

We collect the Personal Data of individuals engaging with Swimlane on behalf of our Customers, including each user accessing and using our Product and procurement and billing personnel (collectively, “Users”).

Any Personal Data submitted by our Customers to our Product is processed by Swimlane in our capacity as a data processor, in accordance with Customer instructions and our SaaS Terms of Service and Software License Agreement and Data Processing Addendum. Please refer to Section ‎9 below for more information.

Prospects

We collect the Personal Data of prospective customers, channel partners or technology partners; individuals who interact with our website, social media accounts, digital ads and content, emails or communications under our control, job postings; and participants at our events (collectively, “Prospects”).

Partners and Vendors

We collect Personal Data relating to our channel partners, technology partners, service providers and vendors.

2. What Personal Data do we collect?

Swimlane collects the following categories of Personal Data in respect to the Services:

Information about you: We may collect any of the following: full name, email address, phone number, company name, job title, profile picture (avatar), login credentials from third-party authentication providers (user name and password), social media profile, contractual and billing details, and any other information submitted or otherwise made available to us by Customers, Users and Prospects. We may also collect your resume/CV and LinkedIn profile in connection with any job application you make through our website and/or social media accounts.

Communications: We collect your communications as part of any of the following: interactions through our website, social media channels, and event registration; surveys, feedback and testimonials that you complete; support requests, including voice call and video conference recordings (e.g., with our customer success personnel, technical support personnel, and professional services personnel), as well as written correspondences, screen recordings, screenshots, documentation and related information that may be automatically recorded, tracked, transcribed and analyzed, for purposes including analytics, quality control and improvements, training, and record-keeping purposes.

Usage and device information: We collect technical, connectivity and usage data, such as IP addresses and approximate general locations derived from such IP addresses, device and application data (like type, operating system, mobile device or app ID, browser version, location and language settings used); system logs of actions and events attributed to those IP addresses, devices and applications; the relevant cookies and pixels installed or utilized on your device; and the recorded activity (sessions, clicks, use of features, logged activities and other interactions) of Users and Prospects in connection with our Product, Services, and Website.

3. How do we use Personal Data?

Purpose of ProcessingLawful Basis
To provide our Product and Services to you, including processing and fulfilling transactions; enabling you to access the Product and our Services; operating, maintaining, and improving our Product and Services; communicating with you, such as by completing your support requests or providing security updates; and diagnosing, repairing, and tracking service and quality issues.Legitimate interests; Contract; Legal obligations
For our own business purposes, including maintaining internal business records and conducting internal reporting; collecting payments and performing accounting and similar business functions; auditing and managing projects related to our Product and Services; performing IT security management and IT-related tasks, such as administration of our technologies and network; evaluating and improving our business, Services, and Product; and performing research and development of new products and services; and processing your survey and questionnaire responses.Legitimate interests; Legal obligations
For legal, safety, or security reasons, including to comply with legal requirements; establish, exercise, or defend against legal claims; protect the safety, security, and integrity of our property and the rights of those who interact with us or others; investigate any content or conduct policy violations; and detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity.These safety purposes may also involve collecting and processing special categories of personal data (i.e., health data), for office visits and events where necessary for public health or as required by applicable law.Legitimate interests; Legal obligations; Public interest
For marketing our Product and Services or those of third parties, such as our business partners, including to solicit or publish testimonials or feedback about our Product and Services; send you marketing and promotional communications or product recommendations (via email, phone, or other online and offline channels) about our Product and Services or those of third parties; facilitate your participation in a contest or event; assess ad impressions or engage in contextual ad customization.You may opt out of marketing communications by clicking the “unsubscribe” link at the bottom of our marketing communications or contacting us via email to [email protected]. Note that some of our marketing materials and information may use tracking technologies and analytics tools to help us understand your preferences. For further information, please see Section 7 below.Consent (where required by law); Legitimate interests
Corporate transactions, such as sales, mergers, acquisitions, reorganizations, bankruptcy, and other corporate events.Legitimate interests; Legal obligations
When you have voluntarily agreed to have your personal data processed.Consent

4. Who do we disclose Personal Data to?

Service Providers

Swimlane will not rent or sell your Personal Data to others but may disclose Personal Data with contracted third-party vendors and service providers that work with Swimlane and are contractually bound by confidentiality obligations. We will only share Personal Data with these vendors and service providers to help us provide Swimlane’s Product and Services. These include providers of third-party products, services, applications and tools used in connection with the Product and Services, including third-party applications which interoperate with the Product (“Third Party Services”); our hosting providers; data, security and fraud detection services; web analytics services; session or activity recording services; performance measurement services; billing and payment processing services; customer relationship and customer service management services; learning management services; support and ticketing services; video conferencing services; sales engagement services; content, lead generation and marketing services; social media services; hiring management services; and our legal, compliance, financial and other professional advisors and auditors. If you wish to receive a detailed list of our service providers, please contact us.

Customers and Other Users

Your Personal Data may be shared with our Customer in respect of which you are a User as well as other Users within the same organization.

Third Party Service Integrations

You may choose to integrate the Product with certain Third Party Services. Depending on the nature and purpose of such integration, a Third Party Service provider may receive and/or share relevant Personal Data with us about you. Note that we do not receive or store your passwords for any of these Third Party Services, but we do typically require your API key in order to integrate with them. Third Party Services are independent of Swimlane, and each Third Party Service provider has their own privacy policies and practices in place for its collection, use, and sharing of your Personal Data. Please check the permissions, privacy settings, and notices for these Third Party Services or contact the provider directly with any questions.

Channel Partners

We engage selected resellers, distributors, MSSPs, and other business partners in order to explore and pursue growth opportunities. In such instances, we may share certain relevant Personal Data with the respective channel partner to allow them to engage with those Customers for such purposes. If you directly engage with any of our channel partners, any aspect of that engagement which is not directly related to our Services and/or directed by Swimlane is not subject to the terms of this Privacy Policy, and is governed by the relevant channel partner’s terms and privacy policy.

Events

If you register to any event that we host, organize or sponsor, we may share your registration details with others, including the hosts, organizers, speakers, service providers and sponsors of that event, so that they may contact you with relevant information and offers related to the event.

Swimlane Affiliates

If Swimlane sells any part of its operations, Swimlane may transfer Personal Data in connection with the sale. If a sale does occur, Swimlane will attempt to notify you of the disclosure of your Personal Data.

Legal Compliance & Law Enforcement

We reserve the right to disclose information by law, litigation, or as a matter of national security to comply with valid legal process including subpoenas, court orders or search warrants, and as otherwise required by applicable law. We may also need to disclose Personal Data in the event of an emergency that threatens an individual’s life, health, or security.

5. Data retention

We will retain your personal information for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, or legal requirements, or where we have a legitimate interest in doing so. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law. We may retain personal information preserved in automatically generated computer back up or archival copies generated in the ordinary course of our information technology systems procedures. Swimlane retains security-related data from the Customer and Users that includes, but is not limited to, Source IP, UserAgent and UserId via audit logs with which Swimlane retains for one (1) year after the date of termination of the Product and Services.

6. Security

Security of all information is of the utmost importance for Swimlane. Swimlane uses reasonable administrative, technical and physical safeguards to protect the security of your Personal Data from unauthorized disclosure. We also try to ensure that only necessary people and third parties have access to Personal Data. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of Personal Data and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of Personal Data that may affect you so that you can take the appropriate actions for the due protection of your rights. Swimlane also reviews its security procedures periodically to consider appropriate new technology and updated controls.

We require that our service providers and channel partners agree to keep all confidential information we share with them and to use the information only to perform their obligations in the agreements we have in place with them.

To learn more about our current practices and policies regarding security, please visit Swimlane’s Trust Center.

7. Cookies and similar technology

We, as well as certain service providers, utilize cookies and other similar technologies in our Services to assist us in collecting certain other information about you. We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. To learn more about our practices concerning cookies and tracking, and your opt-out controls and other options, please refer to our Cookie Policy.

8. International transfers of Personal Data

Swimlane may store information in the United States and other locations worldwide where we or our service providers have facilities. Where applicable, Swimlane relies upon an adequate mechanism for the international transfer of personal information. Specific to our Product, Swimlane provides a Data Processing Addendum to customers that incorporates the EU Standard Contractual Clauses (“SCCs”) unless (a) the data transfer destination has been recognized as providing an adequate level of data protection pursuant to the GDPR by competent data protection authority, or otherwise in a legally binding way, or (b) Swimlane has adopted an appropriate, under Applicable Laws recognized, adequacy mechanism ensuring an adequate level of data protection.

9. Swimlane as a Data Controller and Data Processor

Data protection laws and regulations, including the EU and UK General Data Protection Regulation (GDPR), and California Consumer Privacy Act (including the California Privacy Rights Act) (“CCPA”), make a distinction between the party determining the purposes and means of processing of Personal Data (the “data controller”, or “business” under the CCPA); and the party processing Personal Data on behalf of the data controller (or business) (the “data processor” or “service provider” under the CCPA).

With respect to Personal Data that Swimlane collects from its Customers, Users and Prospects as set forth in this Privacy Policy, Swimlane is a data controller.

With respect to Personal Data that Users submit when accessing and using our Product, Swimlane is a data processor.  We process Personal Data on behalf of our Customers (who are the data controllers of such Personal Data) in accordance with our Customers’ reasonable instructions and subject to our MSA and DPA. When using our Product, our Customers are solely responsible for determining how they wish to use our Services, and for ensuring that all Users, as well as all individuals whose Personal Data may be processed through the Product, have been provided with adequate notice and given their informed consent to the processing of their Personal Data, where such consent is necessary or advised, and that all legal requirements applicable to the collection, use or other processing of data through our Product are fully met by the Customer. Our Customers are also responsible for handling data subject rights requests under applicable law, by their Users and other individuals whose data they process through the Product.

If you would like to make any requests or queries regarding Personal Data we process as a data processor on our Customers’ behalf, including accessing, correcting or deleting your Personal Data, please contact us at [email protected].

10. Your rights as a data subject

You are entitled to exercise your privacy rights under data protection laws and regulations applicable to you, such as the EU and UK GDPR, CCPA, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act and any other applicable data protection law. These rights may include the following:

  • Your right to access Personal Data held by Swimlane. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
  • Your right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
  • Your right to request the deletion of your Personal Data. Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the purposes of legal claims and proceedings;
  • Your right to object to or to request restriction of the processing;
  • Your right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller (data portability);
  • Your right to object to profiling;
  • Your right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, such as if the processing is required to meet our legal and regulatory obligations. Please also be aware that the withdrawal of consent shall not affect the lawfulness of processing based on consent prior to withdrawal;
  • If you are protected by EU GDPR, you also have a right to request certain details regarding the transfer of your Personal Data outside of the EEA, it being clarified that any data transfer agreements and/or other details requested may need to be partially redacted for reasons of commercial confidentiality;
  • Your right to lodge a complaint with your local data protection supervisory authority. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.

You can exercise your rights by emailing [email protected] or using Swimlane’s self-service data subject access request form available on our website (https://swimlane.com). You may use an authorized representative to submit a request on your behalf if you provide the authorized representative written permission signed by you. To protect your privacy, we require you to verify your identity before fulfilling your request. Subject to legal and other permissible considerations, we will make every reasonable effort to respond your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing your request. We will not be able to fulfill your request unless you have provided sufficient information that enables us to reasonably verify that you are the individual about whom we collected the Personal Data, and that such data is processed on behalf of any of our Customers, so that we may forward it to such Customer for their further handling. Such additional information may then be retained by us for legal purposes (e.g. as proof of the identity of the person submitting the request, and of how each request was handled). We reserve the right to charge a fee where permitted by law, for instance if your request proves to be unfounded or excessive.

In the event that your request would adversely affect the rights of others (for example, confidentiality) or if we are legally entitled to deal with your request in a different way than initial requested, we will address your request to the maximum extent possible, all in accordance with applicable law. This may include redacting data which we make available to you.

If your request relates to Personal Data that is processed on our Customer’s behalf in our capacity as a data processor please note that it is the Customer who exclusively determines how Personal Data is processed, as well as if and how your request should be handled. We recommend that you submit your request directly to the relevant Customer.

11. Your rights under US privacy laws

We describe in this Privacy Policy, the categories of personal information we may collect and the sources of such information, and details of what we use your information for, and who we provide your information to, which includes “business purposes” under the CCPA and similar US state laws, as applicable. We also provide a description of our retention of Personal Data and the rights of data subjects in relation to the Personal Data that we collect.

We do not “sell” or “share” your Personal Data for the intentions and purposes of the CCPA, nor disclose personal information to any third party for their direct marketing purposes. We may disclose Personal Data to certain third parties, and allow certain third parties to collect Personal Data from our Services, as follows: (a) our service providers or partners who have agreed to our terms regarding retention, use, and disclosure of such Personal Data; (b) Third Party Service providers with whom you have integrated our Product; (c) third parties to whom we disclose your Personal Data on your instruction; or (d) any other third party as otherwise described in Section 4 above. You may also designate an authorized representative to request to exercise your privacy rights on your behalf. We will not penalize you by withholding our Services or providing a lower quality of service to you for requesting to exercise your rights under the law.

If you would like to exercise your rights under any applicable US Privacy Law or have any questions in this regard, please email [email protected].

California Residents Data Protection Rights

The California Consumer Protection Act (“CCPA”) provides consumers (California residents) with specific rights regarding the processing of their personal information.

  • Right to Know. You have the right to request information about the categories of personal data we have collected about you, the categories of sources from which we collected the personal data, the purposes for collecting the personal data, the categories of third parties to whom we have disclosed your personal data, and the purpose for which we disclosed your personal data. You may also request information about the specific pieces of personal data we have collected about you (“Specific Pieces Report”).
  • Right to Delete. You have the right to request that we delete personal data that we have collected from you.
  • Right to Correct. You have the right to request that we correct inaccurate personal data that we maintain about you.
  • Right to Opt Out of Sale or Sharing. We do not sell personal data to third parties in exchange for money. However, as we explain in Section 5, we share information with advertising partners and allow advertising partners to collect information from our Digital Properties. This exchange may be considered a “sale” or “sharing” under California law, and you have the right to opt out of this “sale” or “sharing” of personal data.

11. Supplemental information for other regions

  • Australia: Personal data collected, stored, used, and/or processed by Swimlane, as described in this Notice, is collected, stored, used, and/or processed in accordance with the Australian Privacy Act 1988 (Commonwealth) and the Australia Privacy Principles. If you are dissatisfied with our handling of a complaint or do not agree with the resolution proposed by us, you may make a complaint to the Office of the Australian Information Commissioner (“OAIC”) by contacting the OAIC using the methods listed on their website. Alternatively, you may request that we pass on the details of your complaint to the OAIC directly.
  • Canada: Personal data, as defined in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) will be collected, stored, used, and/or processed by Swimlane in accordance with the Swimlane’s obligations under PIPEDA.
  • Nevada: We do not presently sell personal data as defined under Nevada law. If you are a Nevada resident, you may nevertheless email us using the information above to exercise your right to opt-out of sale under Nevada Revised Statutes §603A et seq.
  • New Zealand: Personal data collected, stored, used, and/or processed by Swimlane, as described in this Notice, is collected, stored, used, and/or processed in accordance with New Zealand’s Privacy Act 2020 and its 13 Information Privacy Principles (“NZ IPPs”).
  • Singapore: Personal data collected, stored, used and/or processed by Swimlane, as described in this Notice, is collected, stored, used, and/or processed in accordance with Swimlane’s obligations under the Personal Data Protection Act 2012 (“PDPA”).
  • United Kingdom: Personal data collected, stored, used, and/or processed by Swimlane, as described in this Privacy Notice, is collected, stored, used, and/or processed in accordance with Swimlane’s obligations under the UK Data Protection Act 2018, as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, as amended, superseded or replaced (“U.K. GDPR”).

12. Children’s privacy

When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under 13. If you are a parent or guardian of a minor child and believe that the child has disclosed online personal data to us, please contact us using the details provided.

13. Links to other websites

The Product, Website, or Services may contain links to other websites not operated or controlled by Swimlane, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

14. Changes to the privacy policy

We may update this Privacy Policy from time to time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law.

15. Contacting us

If you have any questions, inquiries, or complaints about this Privacy Policy or our privacy practices, please contact us at:

Swimlane

999 18th St.
Suite 2201N
Denver, CO 80202

[email protected]