Last Updated: May 24th, 2018
Gainsight, Inc. (“Gainsight“, “we” “our“) respect your privacy. This Services Privacy Notice (the “Notice”) explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Notice only applies to personal information we collect through Gainsight’s products, applications and services (together, the “Services“).
In this Notice, the organizations that have procured and contracted for our Services are referred to as our “Customers“, and “Users” or “you” refers to both our Customers, their account managers or any other individual authorized to use the Services under the Customer’s account. We also refer in this Notice to “Customer Contacts” who are our Customer’s own customers and contacts.
For personal information that we collect:
- when you use our websites www.gainsight.com and in the usual course of our business, including product feedback and surveys, and in connection with our events, sales and marketing activities, please see our general privacy notice;
IMPORTANT NOTICE TO USERS AND CUSTOMER CONTACTS:
Our Services are intended for use by our Customers. As a result, for much of the personal information we receive and process about our Customer, their Users and Customer Contacts, we act as a processor on behalf of our Customers. This Notice does not apply to any personal information that we process as a processor on behalf of our Customers. Gainsight is not responsible for the privacy or security practices of our Customers, which may differ from those set forth in this Notice. Please see the Section headed “Information we process on behalf of our Customers”
We recommend that you read this Notice in full to ensure that you are fully informed. However, if you only want to access a particular section of this Notice, then you can click on the relevant link to jump to that section.
- Who We Are
- Information We Collect
- How We Use Information
- How We Share Your Information
- Cookies and Similar Tracking Technology
- How We Keep Your Information Secure
- International Data Transfers
- EU-U.S. Privacy Shield Notice
- Data Retention
- Legal Basis for Processing (EEA users only)
- Your Data Protection Rights
- Changes to this Notice
- Contact Us
Who We Are
Gainsight, Inc. is a company incorporated under the laws of the State of [Delaware, USA and whose principal office is located at 1400 Bridge Parkway, Suite 101, Redwood City, California 94065, USA. We own and operate a proprietary customer success management platform to enable companies (our Customers) to better utilize their own customer data.
Information We Collect
The personal information that we may collect about you falls into two broad categories:
(i) Information that you provide to us: You may provide personal information to us through the Services – for example, when you sign up for and use the Services, consult with our customer success or support teams, send us an email, integrate the Services with another website or service (for example, when you choose to connect your Salesforce account with Gainsight), or communicate with us in any other way.
We will let you know prior to collection whether the provision of personal information we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information.
We ask Users to provide information such as name, email address, telephone number, job title, and organization name. If you purchase our Services, you may also need to provide us with payment and billing information such as your credit card details and billing address. We will also maintain a record of your purchases, transactional information, your Services history and usage, and any communications and responses.
The information we automatically collect through the Services includes:
Device specific information, such as your IP address, device attributes (for example: hardware model, operating system, web browser version, as well as unique device identifiers and characteristics), connection information (for example, name of your mobile operator or Internet Service Provider, browser type, language and time zone, and mobile phone number); and device locations (for example, internet protocol (IP) addresses and Wi-Fi information).
Product usage data, which may include the dates and times you access the Services, page views, which activities and features are used of our Services, crash logs, customer storage configuration settings, and technical data relating to devices accessing and using the Services and the performance of the Services in doing so.
In addition to the above two categories, we may also process the following information:
(i) Information we process on behalf of our Customers: When Customers upload, input or generate personal information in the Services about their Customer Contacts or Users, we will act as a processor and process such personal information on our Customer’s behalf and our privacy practices will be governed by the contract we have in place with our Customers. This Notice will not apply to such personal information.
In accordance with our Terms of Service, we will only process such personal information for the purposes of providing the Services and in accordance with our Customer’s instructions. Please check with the Customer about the policies it has in place. We are not responsible for the privacy or security practices of our Customers, which may differ from those set forth in this Notice.
(ii) Information we collect about Customer Contacts: We may collect and make available within the Services certain personal information about Customer Contacts from publicly available sources (like LinkedIn). This information may include the Customer Contacts name, email address, telephone number, job title, and organization name and any other information publicly available. When we obtain information about Customer Contacts from third party sources, we take steps to ensure that such third parties are legally permitted or required to disclose such information to us.
How We Use Information
We use the information collected about you for a variety of reasons, including for the following purposes, as applicable:
How We Share Your Information
We will not share your personal information except in limited circumstances, including:
- to our third party service providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Services), or who otherwise process personal information for purposes that are described in this Notice or notified to you when we collect your personal information.
- to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
- to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Notice.
- to any other person with your consent to the disclosure.
Cookies and Similar Tracking Technology
How We Keep Your Information Secure
We use appropriate administrative, organizational, technical and physical safeguards to protect the personal information we collect and process about you. The measure we use are designed to provide a level of security appropriate to the risk of processing your personal information and to help ensure that your data is safe, secure, and only available to you and to those you provided authorized access (e.g., your Users).
International Data Transfers
Please be aware that your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
Specifically, our servers are located in the United States, and our third party service providers and partners operate in the United States.
We have implemented appropriate safeguards with our third party service providers and partners and further details can be provided upon request.
EU-U.S. Privacy Shield Notice
Gainsight participates in and complies with the EU-U.S Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from participating European countries (including those located in the EU) in the United States.
Gainsight adheres to and will abide by the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability when processing such personal information.
Gainsight is responsible for the processing of personal information it receives under the EU- US Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal information from participating European countries, including the onward transfer liability provisions.
Questions or complaints: In compliance with the EU-US Privacy Shield Principles, Gainsight is committed to resolving complaints about our collection or use of your personal information. If you are resident of a European country participating in the EU-US Privacy Shield, you may direct your inquiries or complaints regarding this Notice to us using the contact details provided below. We will work with you to resolve your issue.
Dispute Resolution: Gainsight has further committed to refer unresolved complaints under the EU-US Privacy Shield Principles to the BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you don’t receive timely acknowledgment of a complaint you have submitted, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information. If your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
U.S. Federal Trade Commission Enforcement: With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC).
Requirement to disclose: In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review our certification on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to fulfil the purposes outlined in this Notice, to provide the Service or to comply with applicable legal, tax or accounting requirements, to enforce our agreements or to comply with our legal obligations).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Please contact us at firstname.lastname@example.org if you have any questions about the information we collect and/or how we use the information we collect.
Legal Basis for Processing (EEA users only)
If you are resident in or a visitor from European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. In most cases we use personal information where we have your consent to do so, where we need it to perform a contract with you, or where the processing is in our legitimate business interests. In some cases, we have a legal obligation to collect personal information from you.
If we ask you to provide personal Information to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests, we will make clear to you at the relevant time what those legitimate interests are.
Typically, our legitimate interests include (i) improving our technology, products and services; and (ii) ensuring the security of the Services.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Us” heading below.
Your Data Protection Rights
You have the following data protection rights:
- You can access, review, change, update or delete your personal information at any time by contacting us email@example.com. Please note that we may impose a small fee for access and disclosure of your personal information where permitted under applicable law, which will be communicated to you. We do not charge you to update or remove your personal information.
- To remove your personal information from our Services, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
- In addition, if you are a resident of the European Economic Area (“EEA’), you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. To exercise these rights email email@example.com.
- You can opt out of receiving promotional emails from us by emailing firstname.lastname@example.org. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.
- If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European EEA, Switzerland and certain non-European countries (including the US and Canada) are available here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we take reasonable steps to verify your identity before granting you account access or making corrections to your personal information.
Further Information for Users and Customer Contacts: As described above in the Section headed “Information We Process on Behalf of Our Customers” , for much of the personal information we collect and process about Users and Customer Contacts through the Services, we act as a processor on behalf of our Customers. In such cases, if you are a User or Customer Contact and want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your personal information is handled by Gainsight as a processor on behalf of our Customers, you should contact the relevant Customer that has contracted with Gainsight for use of the Services, and refer to their separate privacy policies.
If you are a Customer Contact and no longer want to be contacted by one of our Customer’s through our Services, please unsubscribe directly from that Customer’s marketing communication or contact the Customer directly to update or delete your information.
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), as we do not collect any information from anyone under 13 years of age. The Services and its content are directed to people who are at least 18 years of age or older. We do not collect any information from anyone under 18 years of age. If you are under the age of 18, you may not use this Website unless you have the consent of, and are supervised by, a parent or guardian.
Changes to this Notice
We may revise this Notice from time to time in response to changing legal, technical or business developments. The most current version of this Notice will govern your use of your personal information. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.
We commit to resolve complaints about your privacy and our collection or use of your personal information. If you have any questions or concerns about our use of your personal information, please contact email@example.com using the following details:
By post: Attn: Gainsight, Inc., 1400 Bridge Parkway Suite 101, Redwood City, CA 94065
By email: firstname.lastname@example.org
Important Information: If you are located in the EEA, Gainsight, Inc. is the data controller of your personal information.