Privacy Policy

Last Updated January 2024

Gainsight, Inc., including its affiliates Aptrinsic, Ltd., Gainsight Software Private Limited, Gainsight UK LTD, inSided B.V., Northpass, Inc. and Northpass Poland SP. z.o.o (collectively, “Gainsight“, “we,” “us,” or “our“) respect the privacy of individuals who interact with us, such as our website visitors, customers, leads and prospects, business partners, end users, event attendees, job applicants and recipients of marketing communications (“you” or “your“). This Privacy Policy explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights.

This Privacy Policy only applies to personal information that is provided to or is collected by us (i) through our website www.gainsight.com, www.insided.com and www.northpass.com (“Website“) and (ii) when you visit, interact with or use any of our offices, events, sales, marketing, and related online and offline activities. When we refer to any combination of the above in this Privacy Policy, we use the term “Services“.

This Privacy Policy does not apply to personal information that we process on behalf of our individual and business customers in our role as a service provider, such as information that we receive through Gainsight’s customer success software services or other Gainsight services (collectively, the “Subscription Services“). Where a Gainsight business customer who purchases and uses the Subscription Services is the controller (e.g. you are the business customer account manager or any other individual authorized to use the Subscription Services under the business customer’s account, or your personal information is provided by the business customer through their use of the Subscription Services), please reach out to the respective business customer directly. We are not responsible for the privacy or data security practices of our business customers.

This Privacy Policy also does not apply to websites, products, or services that display or link to different privacy statements or that are operated by companies other than Gainsight, or to business activities or practices of third parties.
The controller of the personal information addressed in the Privacy Policy is Gainsight, Inc.

If you have any questions about this Privacy Policy, please contact our Privacy Team at privacy@gainsight.com.

When you access or use our Services, you acknowledge that you have read this Privacy Policy and understand its content. Your use of our Services and any dispute over privacy is subject to this Privacy Policy and any applicable service terms (including any applicable limitations on damages and the resolution of disputes).

Quick links

We recommend that you read this Privacy Policy in full to ensure that you are fully informed. However, if you only want to access a particular section of this Privacy Policy, then you can click on the relevant link to jump to that section.

Who we are

Gainsight, Inc. is a company incorporated under the laws of the State of Delaware, USA and with an address at 350 Bay Street, Suite 100, San Francisco, CA 94133 USA. We own and operate a proprietary Customer Success platform and SaaS applications to enable our customers to better utilize their customer data. We have a global presence with offices in countries including India, the United Kingdom, Poland, Japan and the Netherlands, as well as employees working from countries including the USA and Canada.

For more information about Gainsight, please see the About Us section of our Website.

What personal information do we collect?

The personal information that we collect about you depends on the context of your interactions with Gainsight and the choices you make, the Services and features you use, your location, and applicable laws, but broadly falls into the following categories which in the preceding 12 months included:

Information that you provide voluntarily

When you subscribe to marketing or one of our newsletters, request a free trial or demo or any online training materials, apply for a position, request information about our products and services, create an account, fill out our forms, visit our offices, register for an event or webinar, complete a survey and/or otherwise communicate with us in any way, we ask you to provide certain personal information. This may include:

  • Contact information: such as your name, email address, mailing address or telephone number.
  • Professional information: such as your employer’s name, job title, department or job role.
  • Marketing information: such as your contact preferences.
  • Applicant information if you apply for a job with Gainsight: such as your resume, desired pay, education and work history, whether you are over the age of 18, and visa status. You also may choose to provide your gender, ethnicity, veteran status, disability status, and links to your website, blog, portfolio, or LinkedIn profile.
  • Online content: which includes personal information disclosed by you on message boards, chat features, blogs, communications and/or requests to Gainsight and other services or platforms to which you are able to post information and materials, including third party services and platforms.

We may also record or monitor our telephone or other communications with you, to the extent permitted by applicable law.

Providing your personal information is optional, but it may be necessary for certain Services, such as to access content like whitepapers, to activate or access an app or a cloud service. In such cases, if you do not provide your information, we may not be able to provide you with the requested Services.

Information we automatically collect

We automatically collect certain device and usage information including when you use or interact with our Websites and emails we send you.

The information we collect includes:

  • Details about your computer, device, applications, and networks, including internet protocol (IP) address, cookie identifiers, mobile carrier, Bluetooth device IDs, mobile device ID, mobile advertising identifiers, MAC address, IMEI, Advertiser IDs, and other device identifiers that are automatically assigned to your computer or device when you access the Internet.
  • Details about your internet, app, or network usage (including URLs or domain names of websites you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferences).
  • Geo-location (at country or city level only, not precise location).
  • Performance information, crash logs, and other aggregate or statistical information.

We collect this information through our Website, Services and through other technologies, such as cookies and similar technologies like single-pixel gifs and web beacons. For more information, please review our Cookie Policy.

Information We Collect from Other Sources

We may receive information about you from other sources (including third parties from whom we have purchased personal information) and combine that information with the information we collect. For example, we collect personal information from joint marketing partners, channel partners, our affiliated companies, recruitment agencies, lead generation providers, public databases, data providers, and social media platforms.

This information may include mailing addresses, current and former job titles, email addresses, phone numbers, employment history, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs, and custom profiles and resumes.

How do we use the personal information that we collect?

We use the personal information that we collect about you for a variety of purposes and on the legal bases described in this Privacy Policy, which in the preceding 12 months included:

  • Handling contact and user requests: If you fill out a web form or request support, if you contact us by other means, including via a phone call, we use your data to perform our contract with you or if we do not have a contract directly with you, in reliance on our legitimate interests in fulfilling your requests and communicating with you.
  • Managing events: We use data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract with you or in reliance on our legitimate interests in administering and promoting the event.
  • Sending marketing and promotional communications: We use data we collect to send promotional communications, including product recommendations, and other non-transactional communications (e.g. marketing newsletters, telemarketing calls, SMS, or push notifications) about Gainsight and our selected partners according to your marketing preferences. This may include information about our products, promotions, or events as necessary for our legitimate interest in conducting direct marketing, or to the extent you have provided your prior consent. Please see the Your Data Protection Rights section below to learn how you can control the processing of your personal information by Gainsight for marketing purposes.
  • Displaying advertising and relevant offers: We use data we collect through our interactions with you to conduct marketing research, advertise to you, provide personalized information about us on and off our websites and to provide other personalized content based on your activities and interests to the extent it is necessary for our legitimate interest in advertising our Services, or where necessary, to the extent that you have provided your prior consent. Please see the Your Data Protection Rights section below to learn how you can control the processing of your personal information by Gainsight for personalized advertising. For these purposes, we may link or combine information about you with other personal information we get from third parties, to help understand your needs and provide you with better and more personalized service or content.
  • Improving and developing the Services: We use data to analyze trends to identify future opportunities for the development, promotion, and improvement of our Services, in reliance on our legitimate interests in developing and improving our Services, or where required, with your consent. For example, we use data, often in a de-identified form, to develop new features, capabilities, or products, improve the user experience, assess capability requirements, and identify customer opportunities.
  • Processing job applications: We process your personal information if you apply for a job with Gainsight, to evaluate your application and make hiring decisions, communicate with you and inform you of current and future career opportunities (unless you tell us that you do not want us to keep your details for such purposes), manage and improve our recruiting and hiring processes, or to conduct reference and background checks where required or permitted by applicable local law. We perform this processing to the extent that it is necessary to comply with our legal obligations, for our legitimate interest in assessing the suitability of our candidates and managing our recruiting process, or, where required by applicable law, with your consent.
  • Securing the Services: We process data by tracking use of our Website and services for the purposes of maintaining the safety and security of our Services, including verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies, in reliance on our legitimate interest in promoting the safety and security of our Services, systems and applications and in protecting our rights and the rights of others.
  • Registering office visitors: We may process your personal information for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access.
  • Complying with legal obligations: We process your personal information when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws, to the extent this requires the processing or disclosure of personal information to protect our rights, or is necessary for our legitimate interest in protecting against misuse or abuse of our websites, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or to respond to lawful requests.
  • For our business purposes: We may use data for other legitimate business purposes in reliance on our legitimate interests, such as to update, expand, and analyze our records, identify new customers, data analysis, to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity, developing new products, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns, free trials and operating and expanding our business activities.

In carrying out these purposes, we combine data we collect from different contexts or that we obtain from third parties to give you a more seamless, consistent, and personalized experience, to make informed business decisions, and for other legitimate purposes.

Who do we share your personal information with?

Whenever we share your personal information with a third party provider, we ensure that this is done so in accordance with applicable laws. The types of entities to whom we disclose and have disclosed information within the last 12 months, include:

  • to our affiliates within the Gainsight corporate group and companies we may acquire in the future when they become part of the Gainsight corporate group, to the extent such sharing of data is necessary (for example, to fulfil a request you have submitted or for marketing or technical operations).
  • to our contractors and third party service providers who provide services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Services), or who otherwise process personal information for purposes that are described in this Privacy Policy or notified to you when we collect your personal information.
  • to our marketing partners of co-branded and/or co-sponsored marketing and promotional events (such as conference events or webinars) offered in conjunction with another company or companies.For example, if you attend an event or webinar organized by us, or download or access materials on our Website, we may share your data with sponsors of the event. If required by applicable law, you can consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy statements. If you do not want your information shared, you can choose to not opt in upon registration or elect to not have your badge scanned, or you can opt out according to the Your Data Protection Rights section below.
  • to analytics providers. We use Google Analytics, a service provided by Google, Inc. to gather information about how users engage with our Website. For more information about Google Analytics, please visit https://policies.google.com/technologies/partner-sites. You can opt out of Google’s collection and processing of data generated by your use of the Services by going to https://tools.google.com/dlpage/gaoptout.
  • to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business or similar transaction with a third party involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of personal information to an unaffiliated third party;
  • to any other person with your consent to the disclosure.

We may also share aggregated or deidentified usage data with third parties to help us perform analysis and make improvements. Additionally, we may share anonymous usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends in the use of our Services.

Any personal information or other information you choose to submit in communities, forums, blogs, or chat rooms on our websites may be read, collected, and used by others who visit these forums, depending on your account settings.

For further information on the recipients of your personal information, please contact our Privacy Team at privacy@gainsight.com.

Links to Other Sites

Our Website may contain links to websites and services that are owned or operated by third parties (each, a “Third-party Service“). Any information that you provide on or to a Third-party Service or that is collected by a Third-party Service is provided directly to the owner or operator of the Third-party Service and is subject to the owner’s or operator’s privacy policy. We’re not responsible for the content, privacy or security practices and policies of any Third-party Service. To protect your information we recommend that you carefully review the privacy policies of all Third-party Services that you access.
For example, our Websites include plugins of social media platforms, such as Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA; X (formerly Twitter Inc.), 795 Folsom St., Suite 600, San Francisco CA 94107, USA; and LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. You can identify the plugins by the respective network’s logo. Details about purpose and extent of data collection, as well as processing and use of the data by the social media networks can be obtained by reading the privacy policies of Facebook, X, and LinkedIn.

Cookies and similar tracking technology

We use cookies and similar tracking technology (collectively “Cookies”) to collect and use personal information about you. Please see Gainsight Cookie Policy here

How do we keep your personal information secure?

We use appropriate administrative, organizational, technical and physical safeguards to protect the personal information we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information and to help ensure that your data is safe and secure. Specific measures we use include using encryption technologies and storage on physically and electronically secured servers. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Although we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions. If you have any questions about the security of our Website, please contact us (see Contact Us below).

International data transfers

Your personal information may be collected, transferred to, and processed in, countries other than the country in which you are located, including the USA and other countries where we or our affiliates, subsidiaries or service providers (among others) maintain facilities. These countries may have data protection laws that are different to the laws of your country, and may not provide for the same level of data protection as your jurisdiction. We maintain primary data centers in the USA. Our group affiliates and our third party service providers and partners operate around the world. We take steps designed to ensure that the data we collect under this Privacy Policy is processed as described in this Privacy Policy and according to applicable law.

We have implemented appropriate safeguards to ensure that the recipient of your personal information offers an adequate level of protection, including entering into the standard contractual clauses for the transfer of personal data, or where required, we will ask you for your prior written consent for such international data transfers.

Where we transfer your personal information to countries and territories outside of Europe, Switzerland and the UK which have been formally recognized as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” and “adequacy regulations” from the European Commission, Swiss and UK authorities.

Where the transfer is not subject to an adequacy decision, we take appropriate safeguards to ensure that your personal information will remain protected in accordance with this Privacy Policy and applicable laws. These safeguards include implementing the European Commission’s Standard Contractual Clauses as issued on 4 June 2021 under Article 46(2) GDPR for transfers originating in the EU and Switzerland; and the UK Addendum under Article 46(2) of the UK GDPR for the transfer of data originating in the UK.

Our Standard Contractual Clauses entered into by our group companies and with our third party service providers and partners can be provided on request. Please note that some sensitive commercial information will be redacted. If you have any questions or concerns related to international data transfers, please contact us using the information set forth below.

Legal basis for processing personal information (EEA visitors only)

If you are resident in or a visitor from the European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. In most cases we use personal information where we have your consent to do so, where we need it to perform a contract with you, or where the processing is in our legitimate business interests. In some cases, we have a legal obligation to collect personal information from you.

If we ask you to provide personal Information to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests, we will make clear to you at the relevant time what those legitimate interests are. Typically, our legitimate interests include: (i) improving our technology, products and services; (ii) for our marketing activities; and (iii) measuring the effectiveness of our marketing and promotional campaigns.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Us” heading below.

EU-U.S. and Swiss-U.S. Data Privacy Framework (for Gainsight, Inc. and Northpass, Inc. only – as used in this section the term “Gainsight” only means these two entities )

Gainsight complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Gainsight has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Gainsight has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

If there is any conflict between the terms in this section and the DPF Principles, the Principles shall govern. To learn more about the DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The types of personal information we receive in the US, as well as the purposes for which we collect and use it, are set out in the Sections above titled “What personal information do we collect?” and “How do we use the personal information that we collect?“. We will give you an opportunity to opt out where personal information we control about you is to be disclosed to an independent third party, or is to be used for a purpose that is materially different from those set out in this Privacy Policy. If you otherwise wish to limit the use or disclosure of your personal information, please contact us via the contact details set out below.

Information about the types of third parties to which we disclose personal information and the purposes for which we do so is described in the “What personal information do we collect?” section above [insert link]. If we have received your personal information in the US and subsequently transfer that information to a third party acting as an agent, and such third party agent processes your personal information in a manner inconsistent with the DPF Principles, we will remain liable unless we can prove we are not responsible for the event giving rise to the damage.

Please note that, under certain circumstances, we may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you are located in the EU or Switzerland, you have the right to request access to the personal information that we hold about you and request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF Principles. If you would like to exercise these rights, please write to us at the contact details provided below under Contact Us. We may request specific information from you to confirm your identity and we will respond to your request in accordance with the DPF Principles and applicable data protection laws. You may also opt-out of receiving marketing communications from us by writing to us at the contact details provided below or by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you.

We commit to resolve DPF-related complaints about our collection and use of your personal information. EU and Swiss individuals with DPF inquiries or complaints regarding our handling of personal information received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF should first contact us using the contact details provided below under Contact Us. We will investigate and attempt to resolve any DPF-related complaints or disputes within forty-five (45) days of receipt.

If you have an unresolved DPF complaint that we have not addressed satisfactorily, we have further committed to refer unresolved complaints under the DPF Principles to an independent dispute resolution provider located in the US operated by BBB National Programs. For more information or to submit a complaint, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers. This service is provided free of charge to you.

Under certain conditions, more fully described on the DPF website, you may be entitled to invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Gainsight commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Gainsight at privacy@gainsight.com

We reserve the right to amend this section from time to time consistent with the EU-U.S. DPF and the Swiss-U.S. DPF requirements.

Data Retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations). Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly. We determine the appropriate retention period for personal information based on the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as applicable legal requirements (such as applicable statutes of limitation).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Please contact our Privacy Team at privacy@gainsight.com if you have any questions about the information we collect and/or how we use the information we collect.

Your data protection rights

Where we are acting as a controller, and depending on your location and subject to applicable law, you may have the following rights regarding the personal information we control about you:

  • You can access, review, change, update or delete your personal information at any time by contacting our Privacy Team at privacy@gainsight.com. Please note that we may impose a small fee for access and disclosure of your personal information where permitted under applicable law, which will be communicated to you. We do not charge you to update or remove your personal information.
  • To remove your personal information from a Website testimonial or request removal of your personal information from our blog or community forum, please contact our Privacy Team at privacy@gainsight.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
  • In addition, if you are a resident of the European Union, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. To exercise these rights please contact our Privacy Team at privacy@gainsight.com.
  • You can opt out of receiving promotional emails from us by emailing our Privacy Team at privacy@gainsight.com. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.
  • If you want your phone number to be added to our internal Do-Not-Call telemarketing register, please contact us (see Contact Us below). Please include your first name, last name, company, and the phone number you wish to add to our Do-Not-Call register. Alternatively, you can always let us know during a telemarketing call that you do not want to be called again for marketing purposes.
  • If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area (“EEA“), the United Kingdom, Switzerland and certain non-European countries (including the USA and Canada) are available here.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we take reasonable steps to verify your identity before granting you account access or making corrections to your personal information.

Children

The Website and its content, as well as our products and services, are not directed at children. We do not knowingly collect, use or disclose any information from anyone under 16 years of age and do not knowingly target our Websites, products or services to children under the age of 16. Persons under 16 years of age should not use or provide any personal information through our Websites, products or services. If we learn we have collected or received personal information from a child under the age of 16, we will delete that personal information in accordance with applicable law. If you are a parent or guardian and you learn that your children have provided us with personal information, please contact us (see Contact Us below).

Notice to California Residents

The information in this section applies to residents of California. Please contact us at privacy@gainsight.com or by calling 1-888-623-8562 option 6 if you have any questions about this Privacy Policy, including this section specific to California residents, or if you would like a printed copy of this Privacy Policy. You may also print a copy of this Privacy Policy by selecting the “Print” button in your web browser.

The controller or business of your personal information is the specific member of the Gainsight group of companies whose website you have visited.

Categories of personal information that we collect

The categories of personal information that we have collected about you in the preceding 12 months and the third parties to whom we disclose such personal information for a business purpose are set forth below:

Categories of Personal Information We Collect  Examples 
Identifiers  Name, email address, phone number, IP address and unique personal identifiers associated with devices and browsers
Customer Records / Account Information  Name, address, phone number, organizational affiliation, position and billing information
Characteristics which may be protected classifications under California or Federal Law  Age, ethnicity, race, languages spoken and gender, to the extent such characteristics are voluntarily disclosed to us or contained in any content transmitted across or stored on our network 
Commercial Information  Records and history of products or services purchased or considered by you 
Internet or other electronic network activity information Interaction with our Websites, products and services
Geolocation Data  Approximate physical location derived from an IP address or information you provide on our Websites
Audio, electronic, visual, thermal, olfactory, or similar information Audio recordings of your marketing or customer relationship calls with us 
Professional or employment-related information Organizational affiliation and position and other information you may provide us as an applicant 
Education Information  Information you may provide us as an applicant regarding your education 
Inferences drawn to create a profile about a consumer Information about your interests or preferences as can be inferred from the information you provide through our Websites 
Sensitive Personal Information under the CCPA Information that you may provide to us in the course of your interactions with us, or as an applicant, or otherwise information that is contained in data provided by a customer of us, which includes (as defined in the CCPA):

  • Social Security number, driver’s license, state identification card, or passport number; 
  • Racial or ethnic origin, citizenship, or immigration status;
  • The contents of mail, email, and text messages unless we are the intended recipient of the communication; and
  • Precise geolocation.

We collect sensitive personal information for various purposes, including:

  • to uniquely identify you and for tax reporting purposes;
  • to comply with our legal obligations pursuant to applicable federal and state employment laws and regulations, including collecting and disclosing personal information as required by law (e.g., for minimum wage, payroll tax, as well as to comply with equal opportunity and anti-discrimination laws);
  • to facilitate and provide reasonable accommodations; and
  • to facilitate other business purposes as enumerated under the CCPA.

As defined by the CCPA, sensitive personal information shall be treated as personal information, except where it is collected or processed for “the purpose of inferring characteristics about a consumer.” We do not collect or process sensitive personal information for the purpose of inferring characteristics about individuals.

Further information regarding the categories of personal information we collect and the sources from which we collect it are described in the section above titled “What personal information do we collect?“. The business and commercial purposes for which we collect this information are described in the section titled “How do we use the personal information we collect?“. The categories of third parties to whom we “disclose” this personal information for a business purpose are described in the section titled “Who do we share your personal information with“.

When we disclose personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to keep that personal information confidential and use it only for performance of the contract, and not for any other purpose.

Gainsight does not “sell” your personal information in exchange for any monetary consideration. We do share certain information for cross-context behavioral advertising purposes as defined by the CCPA under Cal. Civ. Code 1798.140(ad)(2). Some of our processing activities may also constitute “targeted advertising” as that term is defined under certain state laws.

We have shared in the preceding 12 months personal information as necessary for business purposes, as defined by Cal. Civ. Code 1798.140. This includes sharing personal identifiers, commercial information, and internet or other electronic network activity with customer relationship management, consulting, e-mail, product feedback, helpdesk services, advertising networks and website analytics companies. You have a right to direct Gainsight not to sell or share your personal information. We do not have actual knowledge that we have sold or shared personal information of individuals under the age of 16 for targeted advertising or cross-context behavioral advertising purposes.

For more information on how to opt out of the “sale” or “sharing” of your personal information, please see the subsection “Your Rights and How to Exercise Them” below.
However, please note that your use of our Websites may still be tracked by us and our vendors or partners to perform functions that are necessary for our businesses, such as hosting our Website, products and services, ensuring there is no fraud (click-fraud, fraudulent or bot traffic), etc. These entities are contractually obligated to keep such information confidential, and will not use it for any purpose other than for the services they provide to us.
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

Your Rights and How to Exercise Them

California residents have certain rights under the CCPA. Those rights may only apply in certain circumstances and may be subject to limitations or exceptions. A summary of those rights is provided below as well as information on how to exercise your rights. Please note that we will require certain identifying information about you as necessary for us to verify your request in accordance with applicable law.

  • Right to Know: You have the right to know what personal information we collect, use, disclose and/or sell about you. To exercise this right, please click here and complete the web form. You may also submit your request by calling 1-888-623-8562 option 6.
  • Right to Opt Out of Sale: You have the right to opt out or ask us not to sell your personal information. To exercise this right, please click here and complete the web form. You may also submit your request by calling 1-888-623-8562 option 6. We do not sell your personal information in exchange for money. We do share certain information with third parties to market products, services, and other offers we think may be of interest to you. The CCPA broadly defines the concept of “selling” information so we offer the opportunity for California residents to opt out of our sharing information with third parties in this manner. Please note that if you opt out of this information sharing with us, we will remove you from these activities; however, other companies may continue to use and disclose your information in the same manner. You should opt out of these practices with those other companies and websites, as applicable.
  • Right to Delete: You have the right to request us to delete the personal information we collect or maintain about you. To exercise this right, please click here and complete the web form. You may also submit your request by calling 1-888-623-8562 option 6. Please note that certain exceptions may apply to your right to delete information, such as when we must retain your information to comply with law. We will notify you if any such exceptions apply to your request.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for exercising any of your rights under the CCPA. However, we may offer certain financial incentives, charge reasonable fees related to your requests, or deny your right to know, right to opt out of sale or right to deletion in accordance with applicable law.

We may ask you to provide information that will enable us to verify your identity in order to comply with your request to exercise your privacy rights. You can exercise these rights yourself or you can designate an authorized agent to make a request on your behalf. Your authorized agent must be able to demonstrate authority to act on your behalf when submitting a verifiable request on your behalf. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request in accordance with the requirements of applicable law.

You may have the right to appeal our decisions made with respect to your request. To appeal our decision on your request, you may contact us through one of the contact methods described under the Contact Us section below).. Please enclose a copy of, or otherwise specifically reference, our decision on your request, so that we may adequately address your appeal. We will respond to your appeal in accordance with applicable law.

If you are a California resident, you are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their direct marketing purposes in the preceding calendar year. To request the above information, please contact us using the contact details provided below [insert link] with a reference to “CA Disclosure Information” and include your name, street address, city, state, and ZIP code. In your request, please attest to the fact that you are a California resident and provide a current California address. We will reply to valid requests by sending a response to the email address or physical address from which you submitted your request. Please note that we are not required to respond to requests made by means other than through the provided email address or mail address. Please note that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing and the relevant details required by the Shine the Light law will be included in our response.
You may also request information about our practices related to our disclosure of your Personal Information to certain third parties for their direct marketing purposes. As provided by California Civil Code Section 1798.83, a California resident who has provided information to Gainsight and with whom they have established a business relationship for personal, family, or household purposes (California customer) is entitled to request information about whether we have disclosed personal information to any third parties for the third parties’ direct marketing purposes. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year. To request such information, please contact us through one of the contact methods described under the Contact Us section below).

Please allow 30 days for a response. Please note that we are only required to respond to one request per customer each year and you will not be charged for this request.

Changes to our Privacy Policy

We will update this Privacy Policy from time to time in response to changing legal, technical or business developments. The most current version of this Privacy Policy will govern our use of your personal information. If we make a material update to our Privacy Policy, we may provide you with notice prior to the update taking effect, consistent with the significance of the updates we make. We encourage you to periodically review this Privacy Policy to stay informed about our collection, processing and sharing of your personal information. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

Contact Us

To exercise your rights regarding your personal information, or if you have any questions or concerns about our use of your personal information, please contact us by mail at: Attn: Gainsight, Inc., 350 Bay Street, Suite 100, San Francisco, CA 94133

ATTN: Gainsight Privacy Team

or by email at: privacy@gainsight.com.

In Europe, you can contact our United Kingdom and EEA representatives:

United Kingdom Representative:

Lionheart Squared Limited
17 Glasshouse Studios, Fryern Court Road
Fordingbridge, Hampshire SP6 1QX
U.K.
Email: privacy@lionheartsquared.com

EEA Representative:

Lionheart Squared (Europe) Ltd.
2 Pembroke House,
Upper Pembroke Street 28-32
Dublin D02 EK84
Ireland
Email: privacy@lionheartsquared.eu

You can also contact our Data Protection Officer (DPO) at privacy@gainsight.com.