Updated December 30, 2019
At Palo Alto Networks we believe that privacy is important for our customers’ trust.
Our privacy practices are informed by key principles:
Accountability. We are responsible for the protection of Personal Information entrusted to us.
Transparency and Control. We inform customers when we collect their Personal Information and we honor their preferences for contacting them.
Third Parties processing our information. We choose trustworthy vendors and suppliers to process our Personal Information and we require them to commit to adequate privacy and data security standards. We require our partners to commit to privacy policies and standards that we consider adequate.
Privacy by Design. We apply privacy requirements and the principles of our Privacy Policies when designing our products and when implementing new technologies internally.
Data Integrity and Proportionality. We collect Personal Information to use it for specific and legitimate business purposes. We collect what we need to get the job done, we store it safely and accurately and we retain it as needed for its intended purpose.
Customer Benefit/Value for Customers. We share with our customers the benefits/value we derive from processing their Personal Information
Security. We implement technical, organizational, and physical security measures to ensure an appropriate level of security of the Personal Information we process.
This privacy statement applies to our online privacy practices and it may apply to our offline data collection, if we refer to this statement. It tells you which information we collect when you visit Palo Alto Networks’ websites (“Sites”), and how we use it.
If you use our products, other privacy disclosures and information apply. Review our Product Privacy Datasheets at https://www.paloaltonetworks.com/resources/datasheets/product-privacy-datasheets.
For GDPR-related questions and documentation, please click here
Information we collect
When you visit our Sites, for instance to request information, sign up for newsletters, request online product demonstrations, download a whitepaper, register for webcasts or events, register an opportunity, activate an app from our Cloud Services Portal, post comments in our LIVE Community, register a product and enroll in customer support, or to propose your products and services as a vendor, we collect and we ask you to provide information about yourself ("Your Information") that may include:
- Contact details, including your name, business address, business e-mail address, phone number, the company you work for, your job title or business role, your area of responsibility, your country or region;
- User ID and password, if you establish an account with us;
- Chat information, you provide when interacting online with our sales team or customer service;
- Information about your computer or device, including browser type and settings;
- Log data, including information such as your computer's IP address, the webpage you were visiting before you came to our Site, pages you visit on our Site, time spent on those pages, information you search for on our Site, access times and dates, and other statistics;
- History of interaction with our webpages and LIVE Community and traffic data relating to your Internet connection;
- Other information that does not specifically identify you, such as actions taken on our websites.
Providing your data is optional, but it may be necessary for certain services, such as product registration, to access content, such as whitepapers, to activate or access an app or a cloud service, or to qualify your suitability as a vendor. In such cases, if you do not provide your information, we may not be able to provide you with the requested services.
If you visit our Sites to apply for a job at Palo Alto Networks, our Career portal will display the applicable privacy notice.
How we use Your Information
We use Your Information mainly to interact with you, to provide you with support services, to make it easy to navigate our Sites, to improve our Sites and our products, and to offer you Cortex apps and services from the Cloud Services Portal, content and services that might interest you.
We use Your Information as follows, where the processing is necessary to establish or administer our agreement with you:
- Create a single sign on for access to your Palo Alto Networks online account, our portals, and our online community;
- Verify your identity and entitlement to products or services, when you contact us or access our services;
- Allow you to register products or services purchased on behalf of your company;
- Allow you to activate and access Cortex apps on our Cloud Services Portal;
- Communicate with you regarding support services and provide you with critical service updates;
- Allow you to register opportunities;
- Provide you with technical and customer support, and enable the provisioning of services;
- Register you for events;
- Determine your qualifications and suitability as a vendor, and make decisions to purchase goods or services from you;
- Determine the entity you are connecting from.
We use Your information as follows, where the processing is based on our legitimate business interests to communicate with you and improve users' experience, improve our products and services, protect our security, and defend our legal rights:
- Subscribe you to newsletters, and manage your subscriptions and preferences;
- Call you or e-mail you with updates and marketing as described in this statement;
- Evaluate our marketing campaigns and sales opportunities;
- Solicit your opinion or feedback;
- Research and implement product improvements and product updates;
- Evaluate and improve the quality of our products, services and Sites;
- Provide you with a customized experience when you visit our Sites;
- Determine the effectiveness of our banner ads;
- Secure our systems and applications;
- Enforce our legal rights and comply with legal requirements;
- Monitor, administer, and analyze use of the Sites; increase our Site's functionality and user-friendliness.
We may also use Your information where processing is necessary for us to comply with legal obligations, including responding to legal process or lawful requests. Lastly, we may use your information with your consent, where required by applicable law.
Contact Us - Your Rights
Palo Alto Networks Inc., in Santa Clara, California, US, is the controller of your Personal Information.
If you have questions or concerns about this Privacy Statement or our privacy and security practices you can send an e-mail to firstname.lastname@example.org.
You have the right to request access to Your Information and to rectify it, to object to data processing, to request the erasure of Your Information, and to withdraw your consent. You can exercise your rights by sending an email to email@example.com or by clicking here.
You also have the right to lodge a complaint with the competent Data Protection Authority.
Information from third parties
Third parties may provide us with information about you from online and offline sources. We may combine such information with the information we already have about you, to provide you with a better experience, to determine your interest in our products, and to improve the quality of our offerings. For instance, we may use third party web analytics tools to pool together contact information collected through any of our forms or email campaign with contact information provided by you via opt-in on other websites form or email – to identify you when you visit our websites.
We may also aggregate Your Information with information collected from other website visitors, to generate statistics, and analyze and understand how visitors use our Sites.
We use Your Information to contact you with Palo Alto Networks' newsletters, marketing, promotional materials, and other information and products that may be of interest to you, including personalized predictive recommendations. This may include using demographic, geographic, firmographic or trend data provided by third parties, where permitted. Contact details, including phone numbers and email addresses, may be used to contact you.
If you do not want us to e-mail you, you can choose not to give your permission on the webpages and/or forms with which we collect Your Information. Please note that in some regions this may involve un-checking a box.
At any time, if you no longer wish to receive communications from us, you can unsubscribe by following the unsubscribe instructions provided in the communication, or by updating your e-mail subscriptions at https://www.paloaltonetworks.com/company/subscriptions, or by sending a message to firstname.lastname@example.org.
There are different ways you can prevent tracking of your online activity. One of them is setting a preference in your browser that alerts websites you visit that you do not want them to collect certain information about you. This is referred to as a Do-Not-Track (“DNT”) signal.
Please note that our websites may not recognize or react in response to DNT signals from Web browsers. At present, there is no universally accepted standard for what a company should do when a DNT signal is detected. In the event a final standard is established, we will assess how to appropriately respond to these signals.
Palo Alto Networks Blog
If you choose to post comments on the Palo Alto Networks Blog, accessible at http://researchcenter.paloaltonetworks.com/ (the "Blog"), be aware that other users of the blog will see your name, website, and the content of your comments, and may interact with you in response to your comments. Using our Blog may be subject to additional terms.
Palo Alto Networks Inc. (“Palo Alto Networks”) complies with the EU-US Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States. We remain liable under the Privacy Shield Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage. To learn more about the Privacy Shield program and to view our certification, please visit www.privacyshield.gov.
If you have a question or complaint related to participation by Palo Alto Networks in the EU-U.S. or Swiss-U.S. Privacy Shield, you may contact us at Privacy@paloaltonetworks.com.
For any complaints related to the Privacy Shield Frameworks that Palo Alto Networks cannot resolve directly, we have chosen to cooperate with the relevant EU Data Protection Authority established panel, for resolving disputes with EU individuals and the Swiss Federal Data Protection and Information Commissioner (FDIC), for resolving disputes with Swiss individuals. Please contact us if you’d like us to direct you to your data protection authority contacts. As further explained in the Privacy Shield Principles, binding arbitration is available to address residual complaints not resolved by other means. Palo Alto Networks is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
Information Sharing and Disclosure
We do not sell, lease, rent or give away Your Information. We only share Your Information as described below, with our affiliates, business partners, service providers that process information on our behalf, and law enforcement. If we share Your Information, we require those we share it with to comply with appropriate privacy and confidentiality requirements, and security standards.
Palo Alto Networks is a global company, with affiliates in many countries. To conduct our business, Your Information may be transferred to Palo Alto Networks in the United States, or to subsidiaries of Palo Alto Networks, which may be in Europe, in the Middle East, Africa, Asia Pacific or Japan. Transfers will occur in compliance with applicable requirements. If you are in the European Union and Your Information is transferred to a country not approved by the EU Commission as providing adequate protection for the rights and freedoms of data subjects, Your Information will be protected using data transfer agreements based on the EU Standard Contractual Clauses or another approved data transfer mechanism.
We may share Your Information with our business partners and channel partners so that they can provide you with information on our products or services, or follow up on a sales lead. If you do not wish to receive promotional emails from our partners, you can unsubscribe directly in the footer of the partner’s email to you.
Entities processing data on our behalf.
We may employ third party companies and individuals to provide services associated with the Site, to perform Site-related services (e.g., without limitation, maintenance services, database management, web analytics, and improvement of the Site's features), to analyze use of our Site or to conduct marketing activities on our behalf (e.g., email management firms and internet advertising platforms, etc.), to perform collection services, to deliver requested goods and services to you. We do not allow Service Providers to share Your Information with others without our authorization, or to use it for their own purposes.
We may also share non-Personal Information (such as aggregated usage data and demographics, referring pages, platform types, click counts, etc.) with third parties to help us understand usage patterns for our services, etc.
Government and Law Enforcement.
We may only disclose personal information to any law enforcement agency or governmental agency including to meet national security or law enforcement requirements, in response to:
- A subpoena, warrant or other process issued by a court of competent jurisdiction;
- A legal process having the same consequence as a court-issued request for information, in that by refusing to provide such information, we would be in breach of local law, and we or our officers, executives or employees would be subject to liability for failing to honor such legal process;
- Where such disclosure is necessary for us to enforce our legal rights pursuant to the laws of the jurisdiction from which such information was gathered; or
- Where such disclosure is necessary to prevent or lessen a serious and imminent threat of bodily harm to the data subject.
Palo Alto Networks may sell, transfer or otherwise share some or all its assets, through a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. In such events, customer information is usually one of the business assets transferred. If we are acquired, a substantial portion of our assets is sold, or experience some other change in control, Your Information may be part of the assets acquired by or transferred to a third party. We will notify you of any such deal and outline your choices in that event.
The security of Your Information is important to us. We use appropriate technical and organizational security measures to protect Your Information from misuse, unauthorized or unlawful access or disclosure, loss, alteration, damage or destruction. These measures include:
Physical safeguards, with locked doors and file cabinets, controlled access to our facilities and secure destruction of media containing Your Information.
Technology safeguards, like the use of anti-malware, encryption, monitoring of our systems and data centers, firewalls, encrypted channels, and secure communications software, to safeguard the confidentiality of Your Information.
Organizational safeguards, like training and awareness programs on security and privacy, to make sure employees understand the importance and means by which they must protect personal information. Our organization privacy policies and standards also guide our handling of Your Information.
Our websites are not directed to children under 13 and we do not knowingly collect personal information from them.
Notification of Changes
This privacy statement may be changed or updated from time to time. We will post the date of the changes at the beginning of this statement. Please check this privacy statement from time to time to make sure that you are aware of our current privacy practices.