One Identity can share your personal data with affiliated companies, outside vendors, and business partners, including for marketing purposes and not just to deliver services you requested.
This analysis describes what OneLogin's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Data sharing with business partners for promotions goes beyond what most users expect from an identity management vendor and may result in your contact information being used for third-party marketing purposes.
The updated policy discloses that OneLogin may record calls with consent and use AI to analyze call transcripts, chat conversations, and sales emails for multiple purposes including follow-up task id…
Your contact information and usage data may be shared with business partners who can use it to offer you products or services unrelated to the One Identity service you signed up for. This sharing is disclosed but may not require your active consent in all jurisdictions.
How other platforms handle this
We may share your information with third-party advertising partners to provide you with targeted advertising. We also work with third-party analytics providers who help us understand how users interact with our Services. These third parties may use cookies, web beacons, and similar tracking technolo...
We work with third-party advertising partners to market our Products, and we share personal data with advertising networks and social media companies to serve ads. We also use analytics providers to help us understand how users interact with our Products.
We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your personal information with busines...
Monitoring
OneLogin has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share your personal information with our subsidiaries and affiliates, as well as with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal information with business partners to offer you certain products, services or promotions.— Excerpt from OneLogin's OneLogin Privacy Policy
1) REGULATORY LANDSCAPE: This provision implicates GDPR Articles 6 and 13 regarding lawful basis and transparency for data sharing, CCPA/CPRA provisions on disclosure of data sharing with third parties and the right to opt out of sale or sharing, and FTC Act principles on unfair or deceptive practices. The relevant enforcement authorities are EU Data Protection Authorities, the California Privacy Protection Agency, and the FTC. The breadth of 'business partners' sharing for promotional purposes may require evaluation under GDPR's purpose limitation principle and CCPA's definition of 'sharing' for cross-context behavioral advertising. 2) GOVERNANCE EXPOSURE: Medium. The provision broadly authorizes sharing with business partners for promotions without specifying the categories of partners or the controls applied to such sharing. Under CCPA/CPRA, sharing personal information for cross-context behavioral advertising constitutes 'sharing' subject to opt-out rights regardless of monetary exchange, which may require an opt-out mechanism if One Identity shares data with advertising or analytics partners. 3) JURISDICTION FLAGS: California residents have a right to opt out of sharing under CPRA. EU/EEA users are entitled to know the specific legal basis for sharing with business partners; legitimate interests assertions for promotional sharing may face scrutiny from DPAs. UK GDPR imposes similar transparency obligations. Organizations processing employee data through One Identity may face additional obligations under local employment data protection laws. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should request a sub-processor list and Data Processing Agreement that clearly delineates which third-party vendors receive personal data, the purposes for which they receive it, and what contractual restrictions apply. The reference to 'business partners' for promotions is distinct from sub-processors and should be evaluated separately in vendor risk assessments. 5) COMPLIANCE CONSIDERATIONS: Legal teams should assess whether One Identity's business partner sharing for promotional purposes triggers CPRA opt-out obligations and whether a 'Do Not Sell or Share My Personal Information' link is required on properties targeting California users. Data mapping should be updated to reflect all third-party recipients and the purposes of transfer. GDPR-covered organizations should verify that legitimate interests assessments or consent mechanisms are documented for promotional data sharing.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Data sharing with business partners for promotions goes beyond what most users expect from an identity management vendor and may result in your contact information being used for third-party marketing purposes.
Your contact information and usage data may be shared with business partners who can use it to offer you products or services unrelated to the One Identity service you signed up for. This sharing is disclosed but may not require your active consent in all jurisdictions.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OneLogin.