Last Updated January 1, 2020
- Who we are
- What information do we collect?
- How do we use information we collect?
- Who do we share your personal information with?
- Cookies and similar tracking technology
- How do we keep your personal information secure?
- International data transfers
- Legal basis for processing personal information (EEA visitors only)
- EU-U.S. and Swiss-U.S. Privacy Shield Notice
- Data Retention
- Your data protection rights
- Notice to California Residents
- Contact Us
Who we are
Gainsight, Inc. is a company incorporated under the laws of the State of Delaware, USA and whose principal office is located at 655 Montgomery St, 7th Floor, San Francisco, CA 94111. We own and operate a proprietary Customer Success platform and SaaS applications to enable our customers to better utilize their customer data (“Services”).
For more information about Gainsight, please see the About Us section of our Website.
What information do we collect?
The personal information that we may collect about you broadly falls into the following categories:
Information that you provide voluntarily: Certain parts of our Website may ask you to provide personal information, including when you request information about our Services, register for an event, or request access to a demo or any online training materials.
The personal information you provide voluntarily may include contact information such as your name, address, telephone number or email address and contact preferences. It may also include professional information, such as your job title, department or job role, as well as the nature of your request or communication. Note that we also may collect this information from our EU employees within the context of the work relationship. Gainsight currently does not have employees in Switzerland.
Information we automatically collect: When using our Websites or interacting with our online advertisements or marketing emails (collectively with our Websites, the “Online Properties”), we automatically collect certain information from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology”
The information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Online Properties, including the pages accessed and links clicked.
How do we use information that we collect?
We may use information that we collect about you for purposes including:
- To respond to your requests or provide you with information requested by you.
- To send administrative or account related information to you.
- To communicate with you about updates to the Services.
- To maintain the website and tailor the website to your needs.
- To comply with and enforce applicable legal requirements, agreements and policies.
- To prevent, detect, identify, investigate, respond and protect against potential or actual claims, liabilities, prohibited behavior, and criminal activity.
- For other business purposes such as data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize and improve our Websites, products and services.
- In relation to EU employee data, to facilitate the employer/employee relationship.
- To better understand the individuals who use and interact with our Online Properties, where they come from, and what content on our Online Properties is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Online Properties.
Who do we share your personal information with?
We may disclose your personal information to the following categories of recipients:
- to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- to any other person with your consent to the disclosure.
Cookies and similar tracking technology
How do we keep your personal information secure?
We use appropriate administrative, organizational, technical and physical safeguards to protect the personal information we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information and to help ensure that your data is safe, secure, and only available to you and to those you provided authorized access (e.g., your users). Specific measures we use include using encryption technologies and storage on physically and electronically secured servers. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so you should take care in deciding what information you send us in this way.
International data transfers
Your personal information may be collected, transferred to, and processed in, countries other than the country in which you are resident, including the United States and other countries. These countries may have data protection laws that are different to the laws of your country, and may not provide for the same level of data protection as your jurisdiction.
We have implemented appropriate safeguards to ensure that the recipient of your personal information offers an adequate level of protection, or we will ask you for your prior written consent for such international data transfers. Further details can be provided upon request.
Legal basis for processing personal information (EEA visitors only)
If you are resident in or a visitor from the European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. In most cases we use personal information where we have your consent to do so, where we need it to perform a contract with you, or where the processing is in our legitimate business interests. In some cases, we have a legal obligation to collect personal information from you.
If we ask you to provide personal Information to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests, we will make clear to you at the relevant time what those legitimate interests are. Typically, our legitimate interests include: (i) improving our technology, products and services; (ii) for our marketing activities; and (iii) measuring the effectiveness of our marketing and promotional campaigns.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Us” heading below.
EU-U.S. and Swiss Privacy Shield Notice
Gainsight is responsible for the processing of personal information it receives under the Privacy Shield Frameworks and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal information from participating European Union countries and Switzerland, including the onward transfer liability provisions.
Access: Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
Dispute Resolution: Gainsight has further committed to refer unresolved complaints under the EU-US and Swiss-US Privacy Shield Principles to the BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you don’t receive timely acknowledgment of a complaint you have submitted, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information.
The services of BBB EU Privacy Shield are provided at no expense to you.
If your complaint involves human resources data transferred to the United States from the EU in the context of the employment relationship, and Gainsight does not address it satisfactorily, Gainsight commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and to comply with the advice given by the DPA panel with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex(1)at https://www.privacyshield.gov/article?id=ANNEX-I-introduction U.S. Federal Trade Commission Enforcement: With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC).
Requirement to disclose: In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review our certification on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Please contact us if you have any questions about the information we collect and/or how we use the information we collect.
Your data protection rights
You have the following data protection rights:
- You can access, review, change, update or delete your personal information at any time by contacting us at firstname.lastname@example.org. Please note that we may impose a small fee for access and disclosure of your personal information where permitted under applicable law, which will be communicated to you. We do not charge you to update or remove your personal information.
- To remove your personal information from a Website testimonial or request removal of your personal information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
- In addition, if you are a resident of the European Union, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. To exercise these rights email firstname.lastname@example.org.
- You can opt out of receiving promotional emails from us by emailing email@example.com. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.
- If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area (“EEA”), Switzerland and certain non-European countries (including the US and Canada) are available here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we take reasonable steps to verify your identity before granting you account access or making corrections to your personal information.
The Website and its content are not directed at children. We do not knowingly collect any information from anyone under 13 years of age. If you are under the age of 18, you may not use this Website unless you have the consent of, and are supervised by, a parent or guardian.
Notice to California Residents
How We Collect and Use Personal Information
This section describes the personal information (as defined by the California Consumer Privacy Act of 2018 or the “CCPA”) we collected about California residents in the last 12 months, the sources of that information, our business or commercial purposes for collecting the information, and the third parties with whom we shared that information. Please refer to the corresponding sections of this policy for details on the following:
- Information We Collect and How We Collect It: This section describes the categories of personal information we collected and the categories of sources from which the information was collected.
- How We Use Your Information: This section describes the business or commercial purposes for which we collected the information.
- How We Share Your Information: This section lists the categories of third parties with whom we shared personal information.
Your Rights and How to Exercise Them
California residents have certain rights under the CCPA. Those rights may only apply in certain circumstances and may be subject to limitations or exceptions. A summary of those rights is provided below as well as information on how to exercise your rights. Please note that we will require certain identifying information about you as necessary for us to verify your request in accordance with applicable law.
- Right to Know: You have the right to know what personal information we collect, use, disclose and/or sell about you. To exercise this right, please click here and complete the web form. You may also submit your request by calling 1-888-623-8562 option 6.
- Right to Opt Out of Sale: You have the right to opt out or ask us not to sell your personal information. To exercise this right, please click here and complete the web form. You may also submit your request by calling 1-888-623-8562 option 6. We do not sell your personal information in exchange for money. We do share certain information with third parties to market products, services, and other offers we think may be of interest to you. The CCPA broadly defines the concept of “selling” information so we offer the opportunity for CA residents to opt out of our sharing information with third parties in this manner. Please note that if you opt out of this information sharing with us, we will remove you from these activities; however, other companies may continue to use and disclose your information in the same manner. You should opt out of these practices with those other companies and websites, as applicable.
- Right to Delete: You have the right to request us to delete the personal information we collect or maintain about you. To exercise this right, please click here and complete the web form. You may also submit your request by calling 1-888-623-8562 option 6. Please note that certain exceptions may apply to your right to delete information, such as when we must retain your information to comply with law. We will notify you if any such exceptions apply to your request.
- Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for exercising any of your rights under the CCPA. However, we may offer certain financial incentives, charge reasonable fees related to your requests, or deny your right to know, right to opt out of sale or right to deletion in accordance with applicable law.
You can exercise these rights yourself or you can designate an authorized agent to make a request on your behalf. Your authorized agent must be able to demonstrate authority to act on your behalf as further instructed when submitting a verifiable request on your behalf.
How We Disclose Information
- In the last 12 months, we disclosed or sold your name, email address, mailing address, phone number, device ID, IP address, browser type and certain browsing activity or user feedback content to third parties for the commercial purposes of marketing and customizing our services and product offerings to you. Again, we do not sell your personal information in exchange for money.
- We do not sell the personal information of minors under age 16.
Third-Party Marketing. As provided by California Civil Code Section 1798.83, a California resident who has provided information to Gainsight and with whom they have established a business relationship for personal, family, or household purposes (“California customer”) is entitled to request information about whether we have disclosed personal information to any third parties for the third parties’ direct marketing purposes. To request such information, please email us at firstname.lastname@example.org.
Please allow 30 days for a response. Please note that we are only required to respond to one request per customer each year and you will not be charged for this request.
To exercise your rights regarding your personal information, or if you have any questions or concerns about our use of your personal information, please contact us by mail at: 655 Montgomery St, 7th Floor, San Francisco, CA 94111 ATTN: General Counsel, or by email: email@example.com.
Important Information: If you are located in the EEA, Gainsight, Inc. is the data controller of your personal information.