Last Updated July 31, 2018
Gainsight, Inc. (“Gainsight“, “we” “our“) respect your privacy. This Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Notice only applies to personal information we collect in the usual course of business, including through our websites (such as https://www.gainsight.com).
For personal information that we collect when you use or otherwise interact with our services, please see our services privacy notice;
If you have any questions about this Notice, please contact us at the details below.
We recommend that you read this Notice in full to ensure that you are fully informed. However, if you only want to access a particular section of this Notice, then you can click on the relevant link to jump to that section.
- Who we are
- What information do we collect and why?
- Who do we share your personal information with?
- Cookies and similar tracking technology
- How do we keep your personal information secure?
- International data transfers
- Legal basis for processing personal information (EEA visitors only)
- EU-U.S. and Swiss-U.S. Privacy Shield Notice
- Data Retention
- Your data protection rights
- Changes to our Notice
- Contact Us
Who we are
Gainsight, Inc. is a company incorporated under the laws of the State of Delaware, USA]and whose principal office is located at 1400 Bridge Parkway, Suite 101, Redwood City, California 94065, USA. We own and operate a proprietary customer success management platform to enable our customers to better utilize their customer data (“Services”).
What information do we collect and why?
The personal information that we may collect about you broadly falls into the following categories:
Information that you provide voluntarily: Certain parts of our Website may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details (like your name, email address and phone number) when you request information about our Services, or request access to a demo or any online training materials. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
We will also let you know prior to collection whether the provision of personal information we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information.
The personal information we collect may include contact information such as your name, address, telephone number or email address and contact preferences. It may also include professional information, such as your job title, department or job role, as well as the nature of your request or communication. Note that we also may collect this information from our EU employees within the context of the work relationship. Gainsight currently does not have employees in Switzerland.
Examples of how we use this information include:
- To respond to your requests or provide you with information requested by you.
- To send administrative or account related information to you.
- To communicate with you about updates to the Services.
- To maintain the website and tailor the website to your needs.
- To provide you with marketing and promotional communications (where this is in accordance with the law). For more information about managing your marketing preferences, please see the “Your Data Protection Rights” section of this Notice below.
- To comply with and enforce applicable legal requirements, agreements and policies.
- To prevent, detect, identify, investigate, respond and protect against potential or actual claims, liabilities, prohibited behavior, and criminal activity.
- For other business purposes such as data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize and improve our Websites, products and services.
- In relation to EU employee data, to facilitate the employer/employee relationship.
Information we automatically collect: When using our Websites or interacting with our online advertisements or marketing emails (collectively with our Websites, the “Online Properties”), we automatically collect certain information from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology”
[Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Online Properties, including the pages accessed and links clicked.]
How we use this information: Collecting this information enables us to better understand the individuals who use and interact with our Online Properties, where they come from, and what content on our Online Properties is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Online Properties.
Who do we share your personal information with?
We may disclose your personal information to the following categories of recipients:
- to our third party service providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Online Properties), or who otherwise process personal information for purposes that are described in this Notice or notified to you when we collect your personal information.
- to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Notice;
- to our marketing partners to send emails on our behalf, and/or for co-branded and/or co-sponsored marketing and promotional events (such as conference events) offered in conjunction with another company or companies. If you register for or participate in such marketing and promotional events, we and the relevant partner companies may receive information collected in conjunction with the co-branded and/or co-sponsored marketing and promotional events. Our Notice will apply to our use of your personal information. We have no control over any other companies’ privacy practices, so please read their applicable privacy.
- to any other person with your consent to the disclosure.
Cookies and similar tracking technology
How do we keep your personal information secure?
We use appropriate administrative, organizational, technical and physical safeguards to protect the personal information we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information and to help ensure that your data is safe, secure, and only available to you and to those you provided authorized access (e.g., your users). Specific measures we use include using encryption technologies and storage on physically and electronically secured servers. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so you should take care in deciding what information you send us in this way.
International data transfers
Please be aware that your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
Specifically, our Website servers are located in the United States, and our third party service providers and partners operate in the United States.
We have implemented appropriate safeguards with our third party service providers and partners and further details can be provided upon request.
Legal basis for processing personal information (EEA visitors only)
If you are resident in or a visitor from the European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. In most cases we use personal information where we have your consent to do so, where we need it to perform a contract with you, or where the processing is in our legitimate business interests. In some cases, we have a legal obligation to collect personal information from you.
If we ask you to provide personal Information to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests, we will make clear to you at the relevant time what those legitimate interests are. Typically, our legitimate interests include: (i) improving our technology, products and services; (ii) for our marketing activities; and (iii) measuring the effectiveness of our marketing and promotional campaigns.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Us” heading below.
EU-U.S. and Swiss Privacy Shield Notice
Gainsight is responsible for the processing of personal information it receives under the Privacy Shield Frameworks and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal information from participating European Union countries and Switzerland, including the onward transfer liability provisions.
Access: Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
Questions or complaints: In compliance with the Privacy Shield Principles, Gainsight is committed to resolving complaints about our collection or use of your personal information. If you are a resident of a European Union country or Switzerland, you may direct your inquires or complaints regarding this Notice to us using the contact details provided below email@example.com. We will work with you to resolve your issue.
Dispute Resolution: Gainsight has further committed to refer unresolved complaints under the EU-US and Swiss-US Privacy Shield Principles to the BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you don’t receive timely acknowledgment of a complaint you have submitted, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information.
The services of BBB EU Privacy Shield are provided at no expense to you.
If your complaint involves human resources data transferred to the United States from the EU in the context of the employment relationship, and Gainsight does not address it satisfactorily, Gainsight commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and to comply with the advice given by the DPA panel with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex(1)at https://www.privacyshield.gov/article?id=ANNEX-I-introductionU.S. Federal Trade Commission Enforcement: With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC).
Requirement to disclose: In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review our certification on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Please contact us if you have any questions about the information we collect and/or how we use the information we collect.
Your data protection rights
You have the following data protection rights:
- You can access, review, change, update or delete your personal information at any time by contacting us at firstname.lastname@example.org. Please note that we may impose a small fee for access and disclosure of your personal information where permitted under applicable law, which will be communicated to you. We do not charge you to update or remove your personal information.
- To remove your personal information from a Website testimonial or request removal of your personal information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
- In addition, if you are a resident of the European Union, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. To exercise these rights email firstname.lastname@example.org.
- You can opt out of receiving promotional emails from us by emailing email@example.com. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.
- If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area (“EEA”), Switzerland and certain non-European countries (including the US and Canada) are available here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we take reasonable steps to verify your identity before granting you account access or making corrections to your personal information.
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), as we do not collect any information from anyone under 13 years of age. The Website and its content are directed to people who are at least 18 years of age or older. We do not collect any information from anyone under 18 years of age. If you are under the age of 18, you may not use this Website unless you have the consent of, and are supervised by, a parent or guardian.
Changes to our Notice
We may revise this Notice from time to time in response to changing legal, technical or business developments. The most current version of this Notice will govern our use of your personal information. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.
We commit to resolve complaints about your privacy and our collection or use of your personal information. If you have any questions or concerns about our use of your personal information, please contact firstname.lastname@example.org using the following details:
By post: Attn: Gainsight General Counsel Gainsight, Inc., 1400 Bridge Parkway Suite 101, Redwood City, CA 94065
By email: email@example.com
Important Information: If you are located in the EEA, Gainsight, Inc. is the data controller of your personal information.