One Identity may obtain personal information about you from outside sources, including data brokers and social media platforms, and add it to the profile it already holds about you.
This analysis describes what OneLogin's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Data enrichment from third-party sources, including data brokers, means One Identity may build a more detailed profile of you than what you directly provided, which can affect how you are targeted for marketing.
Interpretive note: The policy does not specify which data brokers or social media platforms are used as sources, making it difficult to assess the scope of third-party data enrichment in practice.
The updated policy discloses that OneLogin may record calls with consent and use AI to analyze call transcripts, chat conversations, and sales emails for multiple purposes including follow-up task id…
Your personal profile with One Identity may be enriched with data purchased or obtained from data brokers and social media platforms without your direct knowledge, potentially resulting in more detailed profiling for marketing or analytics purposes. EU users have the right to object to this type of profiling under GDPR.
How other platforms handle this
Anthropic obtains personal data from third party sources in order to train our models. Specifically, we train our models using data from the following sources: Publicly available information via the Internet; Datasets that we obtain through commercial agreements with third party businesses; Data tha...
We (or third parties acting on our behalf) may receive or collect additional information about you from public databases, partners, social media platforms, conference hosts, event companies, and other third parties that supplement the information we collect directly or automatically as described abo...
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
Monitoring
OneLogin has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may receive personal information about you from third parties, such as business partners, data brokers, social media platforms, and other publicly available sources, and combine this information with other data we hold about you.— Excerpt from OneLogin's OneLogin Privacy Policy
1) REGULATORY LANDSCAPE: This provision engages GDPR Articles 13 and 14 (which distinguish between data collected directly from data subjects and data obtained from other sources, imposing specific transparency obligations for the latter) and CCPA/CPRA provisions requiring disclosure of categories of sources from which personal information is collected. The FTC Act applies to deceptive or unfair data enrichment practices in the US context. The use of data brokers as a source may also implicate specific state laws governing data broker registration and transparency, including California, Vermont, and Texas. 2) GOVERNANCE EXPOSURE: Medium. GDPR Article 14 requires that where data is not collected directly from the data subject, specific information about the source and categories of data must be provided to the individual within a reasonable timeframe. The policy's general reference to 'data brokers' and 'publicly available sources' may not satisfy this requirement without more granular disclosure of specific sources and categories. The FTC has also expressed increasing scrutiny of data broker practices in recent enforcement guidance. 3) JURISDICTION FLAGS: EU/EEA and UK users have the strongest protections; GDPR Article 14 notification obligations may require One Identity to proactively inform users when their data is sourced from third parties. California users have CPRA rights to know categories of sources. Users in states with data broker registration requirements may have additional rights. Organizations in regulated industries should assess whether data enrichment from brokers is consistent with sector-specific data use limitations. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should assess whether data enrichment practices by One Identity affect the integrity of data in identity management systems that the enterprise controls. If enriched data is incorporated into enterprise user profiles, this may create compliance obligations for the enterprise as a data controller. Procurement teams should request disclosure of which data broker sources are used and on what legal basis. 5) COMPLIANCE CONSIDERATIONS: Legal teams should assess whether One Identity's GDPR Article 14 notifications to EU data subjects are operationally implemented when data is sourced from brokers or social media. The policy should be reviewed against the company's actual data sourcing practices to confirm consistency. If data broker relationships involve the transfer of EU personal data to the US, the transfer mechanisms should be evaluated for adequacy.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Data enrichment from third-party sources, including data brokers, means One Identity may build a more detailed profile of you than what you directly provided, which can affect how you are targeted for marketing.
Your personal profile with One Identity may be enriched with data purchased or obtained from data brokers and social media platforms without your direct knowledge, potentially resulting in more detailed profiling for marketing or analytics purposes. EU users have the right to object to this type of profiling under GDPR.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OneLogin.