Privacy

SPECIAL NOTE ON PRIVACY SHIELD:

LogMeIn is aware of the European Court of Justice’s decision with respect to the EU-U.S. Privacy Shield Framework and is actively monitoring the situation.

Key Points: LogMeIn’s privacy program and contracts have been designed to account for shifts in the regulatory landscape to avoid impacts to our ability to provide our services to you. The EU-U.S. Privacy Shield Framework was just one (of several) mechanisms that LogMeIn relied on to lawfully transfer personal data. If you previously executed LogMeIn’s Data Processing Addendum (“DPA”) and accompanying Standard Contractual Clauses (“SCCs”), no further action is required, and you can continue to enjoy our services in the same manner and fashion as before. If you still need to execute the DPA and SCCs, please click here.

Details: We will evaluate whether any changes may be necessary to continue to support global customers and the processing of personal information from and to the European Union (“EU”) and European Economic Area (“EEA”). In the meantime, it is important to note that, while this decision has invalidated the EU-U.S. Privacy Shield Framework, other data transfer mechanisms already in use by LogMeIn to ensure the privacy and protection of customer data, including, but not limited to, the SCCs (part of LogMeIn’s global DPA) remain a valid means of transfer. In addition, LogMeIn continues to have robust safeguards, mechanisms, and contractual terms, above and beyond the SCCs, including:

  • A comprehensive global DPA that includes and supplements the SCCs, in line with Article 28 of the GDPR, to ensure an adequate level of protection for LogMeIn’s customers, users, and end-users;
  • Participation in and submission to additional voluntary privacy frameworks, including the APEC CBPR and PRP, which demonstrate LogMeIn’s commitment to guidelines such as those of the Organization for Economic Co-operation and Development (“OECD”) and similar guidelines which underpin modern European privacy law;
  • A global privacy program which strives to afford all of its users with the same types of rights as those of its European data subjects and customers; and
  • A robust Trust and Privacy Center, which provides any visitor, including LogMeIn customers, users, and end-users, with information regarding LogMeIn’s data protection practices in a transparent manner.

Additional Frequently Asked Questions (“FAQ”) on Transfers Outside the EU and EEA: Please see LogMeIn’s FAQ for additional information about LogMeIn’s transfer of data outside the EU and EEA, which has been designed to guide any “case-by-case” analyses recommended by the European Court of Justice.

At LogMeIn, we truly value the privacy of our customers, users, and end-users, and will continue to evaluate and modify our practices as needed to keep pace with the evolving regulatory landscape.


What is GDPRAs a global company with users in nearly every country around the world, we are committed to implementing and maintaining a global data privacy program designed to protect the personal and confidential information entrusted to us by our customers, users and their end-users. You can learn more about our privacy program below.

To execute LogMeIn’s Data Processing Addendum (or “DPA”), please click here.

TRANSFER FRAMEWORKS

Standard Contractual Clauses

The Standard Contractual Clauses (or “SCCs”) are standardized contractual terms, recognized and adopted by the European Commission, whose primary purpose are to ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection law. LogMeIn has invested in a world-class data privacy program designed to meet the exacting requirements of the SCCs for the transfer of personal data. LogMeIn offers customers SCCs, sometimes referred to as EU Model Clauses, that make specific guarantees around transfers of personal data for in-scope LogMeIn services as part of its global DPA which can be found here. Execution of the SCCs helps ensure that LogMeIn customers can freely move data from the EEA to the rest of the world.

APEC CBPR and PRP Certifications

LogMeIn has additionally obtained Asia-Pacific Economic Cooperation ("APEC") Cross-Border Privacy Rules ("CBPR") and Privacy Recognition for Processors ("PRP") certifications. The APEC CBPR and PRP frameworks are the first data regulation frameworks approved for the transfer of personal data between APEC-member countries and were obtained and independently validated through TrustArc, an APEC-approved third-party leader in data protection compliance. To learn more about our APEC certifications, please click here. Additionally, to review our APEC commitments, please consult our Privacy Policy.

GDPR, CCPA, and Beyond

Data Protection

The General Data Protection Regulation ("GDPR") and California Consumer Privacy Act ("CCPA") represent significant developments in the evolution of data privacy regulation and highlight its growing importance for businesses and individuals alike. At LogMeIn, the privacy of our customers, users, and end-users is a top priority and we will continue to embrace positive developments in the data privacy landscape as that evolution continues.

LogMeIn’s Data Processing Addendum

In addition to maintaining Terms of Service and Privacy Policies designed to support and adapt to changing regulatory requirements and industry standard practices, LogMeIn is pleased to offer a comprehensive global DPA, available here, which is designed to meet the requirements of applicable data privacy laws and regulations, including the GDPR and CCPA.

Specifically, our DPA incorporates several GDPR-focused data privacy protections, including: (a) data processing details, sub-processor disclosures, etc. as required under Article 28; (b) SCCs (also known as Model Clauses) to permit lawful transfer of ‘personal data’ under Chapter 5; and (c) the incorporation by reference of LogMeIn's technical and organizational measures documentation.

Similar to GDPR, the CCPA is designed to give residents of California greater control over their data, including, but not limited to, rights to access and delete personal information, the right to exercise certain rights, and review certain statutory disclosures. We are dedicated to ensuring that our services continue to comply with the applicable provisions of the CCPA and that our privacy and security measures are meeting or exceeding industry standard practices. To account for CCPA our global DPA includes: (a) definitions which are mapped to CCPA; (b) applicable access and deletion rights; and (c) warranties that LogMeIn will not sell our users’ ‘personal information.’

Privacy Disclosures

Data Protection Terms and Conditions

For the most current information and disclosures about LogMeIn’s data protection obligations and commitment to protecting and responsibly handling customer, user and end-user data, please see our latest DPA and Privacy Policy, including, where applicable, the supplemental privacy notices to account for the CCPA.

Processing Locations and Sub-processor Disclosures

Please visit the Trust & Privacy Center’s Product Resources page to review service or suite-specific hosting and processing locations, including applicable affiliate and third-party sub-processor disclosures. For best results, please filter by service or suite at the top of the Product Resources page.

Security and Privacy Operational Controls

Applicable third-party certifications, security measures (e.g., encryption types), data retention periods, and privacy commitments may be reviewed in the service or suite-specific Security and Privacy Operational Controls or “SPOC” documentation found in the Trust & Privacy Center’s Product Resources page. For best results, please filter by service or suite at the top of the Product Resources page.