Effective: January 1, 2014
We value your privacy, and we want to help make your experience with us as satisfying and safe as possible, whether you are accessing Gigya, Inc. (“Gigya”, “we” or “us) through 1) the use of any of our Social Components or Applications and/or 2) our website available at www.gigya.com, including the internal administration system provided to our Clients, available at platform.gigya.com (the “Platform”) (together, the “Gigya Website”).Gigya is a technology company offering a set of web-delivered tools, plugins, and services for enabling and optimizing social connectivity on third party websites and apps across the Internet and mobile (“Social Components”). Gigya also offers a legacy technology that enables the easy distribution of web content applications such as photos, videos, and other widgets to social networks and a wide variety of other Internet destinations, and directly to mobile devices (“Web Applications”). The Gigya Social Components enable online businesses (“Clients”) to (a) easily connect their websites to all of the major social platforms with Open ID and other external authentication providers (“Social Login”); (b) offer their website and mobile application visitors (“End Users”) on-site (or in-app) authentication through Social Login or through our Registration-as-a-Service product (“RaaS”), as well as social plugins (“Social Plugins”) and gamification features to enhance their on-site experience (“Gamification”); (c) analyze a website’s social, authentication, and gamification activity with helpful usage data and metrics (“Social Analytics”); and (d) outsource user data storage obtained through Social Login or RaaS (“Identity Storage”) or generic data storage as determined by Clients (“Data Store”).
- 1. How the Gigya Website Operates
- 2. How the Gigya Services Operate
- 3. Information We Collect
- 4. User-Supplied Information
- 5. How We Use Personal Information
- 6. When We Disclose Personal Information
- 7. Passive Data Collection
- 8. How We Use Passively-Collected Information
- 9. Information Received From Third Party Sources
- 10. Aggregate Information and Non-Identifying Information
- 11. Change of Ownership
- 12. Security
- 13. Children
- 14. Your Choices
- 15. Communications and Unsolicited Marketing Communications
- 16. International Users
- 17. EU and Swiss Safe Harbor
- 18. Third-Party Services
- 19. California Privacy Rights
- 21. Contacting Us
1. How the Gigya Website Operates
2. How the Gigya Services Operate
3. Information We Collect
A. On the Company Website
We collect two types of data about users: (1) information that you or others voluntarily submit to us (described below under “User-Supplied Information”) and (2) technical data automatically collected from all visitors to the Gigya Website (described below under “Passive Data Collection”).
B. Through the Gigya Services
We collect two types of data about End Users: (1) information that is passed through the Gigya API as a result of use of the Services (described below under “User-Supplied Information”) and (2) technical data automatically collected from all visitors to pages of a Client’s website that load the Gigya API (described below under “Passive Data Collection”).
4. User-Supplied Information
A. On the Gigya Website
We may collect user-supplied information, including, but not limited to, the following scenarios:
- If you choose to register on the Gigya Website, for example, in order to request a trial, you may be asked to provide information such as first and last name, email address, telephone number, and the company you are with (including your position). We will also ask you to select a password for your account.
- If you are a Client and have not previously registered on the Gigya Website and you create an account, or an account is created for you, on the Gigya Platform to manage your Services, you will be asked to provide information such as name and email address. We will also ask you to select a password for your account on the Gigya Platform.
- When you choose to provide us with your Personal Information via the Gigya Website in any other manner, including when you send us an email asking a question, submit a form to receive marketing materials or email newsletters, or request any research or whitepapers, including, without, limitation, at info.gigya.com.
B. Through the Gigya Services
If you, as an End User, choose to log into a Client’s website or mobile application using an account you have already established with a social networking platform (e.g., Facebook, Twitter) or an email platform (e.g., Gmail, Yahoo! Mail), you give the website (or mobile application) access to certain Personal Information stored on the given social network or email platform. Gigya, on behalf of our Clients, will collect this Personal Information through the Gigya API as well as other information that you previously provided to the social network or email platform and will pass this information back to our Client’s website or mobile application via Gigya’s API (“End User Passed Data”). This End User Passed Data may include, but not be limited to, your name, email address, postal address, and demographic information such as age and gender. Gigya’s technology facilitates the login process by wrapping the Gigya API around the API of each social network chosen by the Client. This enables the Client’s website or mobile application offering Social Login or Social Plugins to offer you the choice of logging in with more than one social network or email platform. The End User Passed Data collected by Gigya is not permanently stored by Gigya, but may be cached temporarily for performance purposes. Gigya simply facilitates the process of getting the End User Data from the social network back to the Client’s website and is acting as an agent or back-end vendor for our Clients. Gigya maintains no rights to the End User Passed Data other than utilizing the End User Passed Data to make the Services available to our Clients and End Users.
Identity Storage and Registration as a Service (RaaS)
If one of our Clients elects to utilize Gigya’s Identity Storage (database) technology in addition to Social Login, then Gigya will also store the End User Personal Information collected on the Client’s behalf (“Identity Storage Stored Data”). Gigya Clients may also elect to use RaaS to handle traditional (non-Social) login, registration, and profile management in addition to (or separate from) our Social Login Service. As an End User on one of our Client’s websites utilizing RaaS, you may provide certain Personal Information, including, but not limited to first name, last name, and email, via the standard site registration forms. Once you click to complete the registration process, that information is then stored in Gigya’s Identity Storage database (“RaaS Stored Data”).
Additionally, certain End User Personal Information is automatically stored or cached on our servers outside of the use of the Identity Storage Service, such as through Social Plugins or Gamification (“Auto Stored Data”). Identity Storage Stored Data, RaaS Stored Data and Auto Stored Data are collectively referred to as the “End User Stored Data.” Gigya maintains no rights to use this End User Stored Data, other than utilizing the End User Stored Data to make the Services available to our Clients and End Users. Gigya acts as an agent or back-end vendor of the Client’s website or mobile application, to which the End User of our Client granted the permissions (if applicable), and Gigya is storing the End User Stored Data on the Client’s behalf. All of the End User Stored Data is encrypted both at rest in the database, as well as in transit to and from the social networks and the Client’s website or mobile application.
If one of our Clients elects to utilize Gigya’s Data Store in addition to any other Social Components (or as a stand alone Service), then Gigya may store additional information, which may include Personal Information, on the Client’s behalf (“Data Store Information”). This Data Store Information may also include Personal Information that is not provided or collected through the Gigya Services. Gigya maintains no rights to use this Data Store Information, , other than utilizing this Data Store Information to make the Services available to our Clients and End Users. Gigya acts as an agent or back-end vendor of the Client’s and Gigya is storing the Data Store Information on the Client’s behalf.
Sharing via Email
Gigya’s Social Components may enable you to send emails to your friends. If you provide your email address, we will store that email address so that you do not need to re-enter it upon future use of this functionality.
Posting Comments, Chats, Reactions, Shares, and Ratings & Reviews via Gigya
The Service may enable you to vote, take polls, post comments, chats, ratings & reviews, reactions (such as “Amazing”, “LOL”, etc) and other user-generated content on Client’s websites or mobile applications through our API. The text and value (for ratings) of these submissions are collected and stored on behalf of our Clients for Comments and Ratings & Reviews. We also collect and store the content of Chats on behalf of our Clients for a limited time. These submissions are associated with the identity you used to authenticate with the given Social Plugin, and your name and profile picture will be displayed alongside your Chats, Comments, and Reviews on the Client’s website or mobile application. You may also opt-in to post this content to your connected social networks.
The Service may enable you to view a near-realtime feed of activity happening on a Client’s website or mobile application. The specific actions displayed in the Activity Feed are determined by the Client and can include such social actions as your sharing and commenting as well as non-social actions such as video views or purchases. We collect and store a record of these actions on behalf of our Clients when requested to do so for the purpose of displaying the Activity Feed. Your name and profile picture may be displayed alongside your actions as listed in the Activity Feed.
Participating in Gamification
The Service may enable you to earn points and rewards for taking specified actions on our Client’s websites. We collect and store this content on behalf of our Clients. This may include the display of information such as your name, profile picture, points, and badges, both to you directly and publicly to others on the Client’s website or applications.
While Gigya takes precautions to ensure the confidentiality of the Personal Information you submit to us via the Gigya Website and/or Services, please note that any information posted to publicly facing sections of the Gigya Website or Services or a Client’s website or a social network will be publicly available. For example, if you are using the social community networking features of our Service, the information you post there (e.g., your opinion about your favorite sports team) will be viewable by others. Any information you choose to provide in a comment or a submission should reflect how much you want others to know about you. We recommend that you guard your anonymity and we encourage everyone to think carefully about what information about themselves they disclose via this or any other public forum. For more information about your choices on privacy settings available on the Gigya Website or Services, please see the “Your Choices” heading below.
5. How We Use Personal Information
A. On the Gigya Website
We use Personal Information to establish and enhance our relationship with you. We may use Personal Information to operate, provide, improve, and maintain the Gigya Website and Services, and to develop new products and services; to prevent abusive and fraudulent use of the Gigya Website and Services; to personalize and display content on the Gigya Website; to send you information about products and services (including our products and services and those of third parties) in which we believe you may be interested; and for other administrative and internal business purposes.
We may use your e-mail address, including any email address provided at info.gigya.com or through the Gigya Website as set forth in the “Communications and Unsolicited Marketing Communications” section. We do not sell Personal Information transmitted to us through the Gigya Website.
B. Through Gigya Services
6. When We Disclose Personal Information
Gigya Service Providers
Gigya discloses certain End User Personal Information to Clients at the direction of the Client. Gigya is acting as an agent or back-end vendor of our Clients and maintains no rights to the End User Personal Information, except to make the Services available to the Client and the End User. If any End User Personal Information is accessed by a Client through the Gigya Platform, the Client accesses such End User Personal Information through a system of complex passwords and the access is protected with various rules and permissions. End User Stored Data is encrypted both at rest in Gigya’s database, as well as in transit to and from the social networks and to our Clients’ websites.
The types of End User Personal Information disclosed, include, but are not limited to the following:
- Passed to Client through Gigya API (End User Passed Data)
- Stored by Gigya through Gigya APIs and Accessed by Client (End User Stored Data and Data Store Information)
- Passed to Client through Gigya APIs and Made Available on Client’s Website or in Client’s Mobile Application
We may disclose Personal Information if we have a good-faith belief that doing so is required by a subpoena or other judicial or administrative order or otherwise required by law. Additionally, we may disclose Personal Information where we, in good faith, deem it appropriate or necessary to prevent violation of the Gigya Terms of Service, or our other agreements; take precautions against liability; protect the rights, property, or safety of Gigya, any individual, or the general public; maintain and protect the security and integrity of our services or infrastructure; protect ourselves and our services from fraudulent, abusive, or unlawful uses; investigate and defend ourselves against third-party claims or allegations; or assist government enforcement agencies.
7. Passive Data Collection
This section provides more information about some of those technologies and how they work.
- You can configure your Internet browser, by changing its options, to stop accepting cookies completely or to prompt you before accepting a cookie from the website you visit. If you do not accept cookies, however, you may not be able to use all portions of the Gigya Website or all functionality of the Services.
- Clear GIFs. Clear GIFs (also known as web beacons) are used in combination with cookies to help website operators understand how visitors interact with their websites. A clear GIF is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a website. The use of a clear GIF allows the website to measure the actions of the visitor opening the page that contains the clear GIF. It makes it easier to follow and record the activities of a recognized browser, such as the path of pages visited at a website. Clear GIFs, which can be embedded in web pages, videos, or emails, can allow a web server to read certain types of information from your browser, check whether you have viewed a particular web page or email message, and determine, among other things, the time and date on which you viewed the Clear GIF, the IP address of your computer, and the URL of the web page from which the Clear GIF was viewed.
For more information about cookies and web beacons, please visit http://www.allaboutcookies.org/cookies/.
- Other local storage. We, along with our partners and vendors, use other kinds of local storage, such as Local Shared Objects, also referred to as “Flash cookies”, and HTML5 Local Storage (including IE local storage), also referred to as “browser cookies”.
- These technologies are similar to the cookies discussed above in that they are stored on your computer and can be used to store certain information about your activities and preferences. However, these objects are stored in different parts of your computer from ordinary browser cookies.
- We use Local Shares Objects in connection with the Services, including, but not limited to, in our legacy Web Application product, Wildfire, and also in communicating between pages or frames loaded from our domain and pages or frames loaded from our Client’s domain in browsers that do not support HTML5 for cross domain communication (for example, IE).
- We are using HTML5 Local Storage to improve the Service performance and End User experience by caching certain data objects locally so they don’t have to always be fetched from the server. We also store certain End User states required for delivering the Service, and use HTML5 Local Storage to store identifiers and access tokens in browsers that do not allow setting 3rd party cookies (for example, Safari).
- For information about disabling or deleting information contained in Local Shared Objects, please click here.
- For information about disabling or deleting information contained in HTML5 Local Storage, please refer to your browser’s user manual or please visit http://www.allaboutcookies.org/cookies/.
- Please note that disabling these technologies may interfere with the performance and features of the Services.
8. How We Use Passively-Collected Data
A. On the Gigya Website
On the Gigya Website, we may use passively-collected data to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the Gigya Website; (b) monitor your participation in various sections of the Gigya Website; (c) customize our service to you, including by providing you with recommendations; (c) monitor aggregate website usage metrics such as total number of visitors and pages viewed; and (d) administer, operate, and improve the Gigya Website and our other services and systems, and to provide services and content that are tailored to you.
B. Through the Gigya Services
Our Clients, in implementing Gigya’s Services, utilize the Gigya API within their own websites. When you use the Service, our servers passively collect data through the implementation of the Gigya API including, but not limited to, your IP address, page views, browser type, interactions with Gigya’s Services, the web page you are currently visiting and the web page you were visiting before you came to the Service, and social actions such as sharing and commenting. This information is used to facilitate delivery of the Service and, in some cases, for internal reports. Additionally, some of the information collected is used in the Client Reports. The Client Reports may contain both passively-collected information and End User Personal Information.
Certain passively-collected information collected by Gigya is also made available directly to the Client (“Gigya Events”). The Client then has the ability to manually pass the Gigya Events to third party analytics tools, like Google Analytics and Omniture Site Catalyst, for additional reporting, or at the Client’s election, to use technology provided by Gigya to automatically send the Gigya Events to these third party analytics tools. If a Client elects to use Gigya’s technology, then Gigya, as a service provider, sends such Gigya Events from websites owned by our Clients to their own third party analytics accounts. We do this only at the request and direction of the Client.
9. Information Received From Third Party Sources
10. Aggregate Information and Non-Identifying Information.
We may share aggregated information with Clients, prospective Clients, partners or the press in order to demonstrate usage of the Service, spot industry and advertising trends, and to generate publicity for the Service. Any aggregated information shared in these contexts will not contain Personal Information.
11. Change of Ownership
In the event of a change in ownership, or a merger with, acquisition by, or transfer or sale of all or a portion of our assets to, another entity, we reserve the right to transfer all of your Personal Information, including email addresses, to that entity. We will use reasonable efforts to notify registered users of any such transfer to an unaffiliated third party (by a posting on our homepage, or by email to your email address that you provided to us, as chosen by us in our discretion).
The security of your information is important to us, including, but not limited to, the Personal Information collected via the Gigya Website and Service. We use reasonable security measures to protect against the loss, misuse, and alteration of Personal Information under our control, both during the transmission and once we receive it. This includes, but is not limited to, the use of firewalls and encryption. Although we make good faith efforts to maintain the security of such Personal Information, no method of transmission over the Internet or method of electronic storage, is 100% secure and we cannot guarantee that it will remain free from unauthorized access, use, disclosure, or alteration. Further, while we work hard to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent “hackers” or other unauthorized persons from illegally accessing or obtaining this information.
If we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Gigya Website or providing Personal Information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Gigya Website. If a security systems breach occurs, we may post a notice on our homepage (www.giyga.com) or elsewhere on the Gigya Website and may send email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. This notice paragraph applies to users of the Gigya Website and our Clients who utilize our Services on their third party websites only. Should there be a breach that affects End Users of Clients, the Client will be responsible for disseminating notice of such a breach to those End Users.
A. On the Gigya Website
The Children’s Online Privacy Protection Act (“COPPA”) protects the online privacy of children under 13 years of age. Gigya’s Website is not directed toward individuals under the age of thirteen (13), and we request that such individuals do not provide personally identifying information through our websites. Additionally, we do not knowingly collect or maintain Personal Information from anyone under the age of 13, unless or except as permitted by law. If we learn that Personal Information has been collected from a user under 13 years of age on or through the Gigya Website, then we will take the appropriate steps to cause this information to be deleted. If you are the parent or legal guardian of a child under 13 who has registered on the Gigya Website or you believe has otherwise provided Personal Information to Gigya, please contact Gigya at privacy [at] gigya [dot] com to have that child’s account terminated and information deleted.
B. Through the Gigya Services
Gigya’s Clients are responsible for ensuring that they are in compliance with COPPA, Gigya is merely acting at the direction of our Clients and as an agent of our Clients. For Clients using Gigya’s RaaS product, we provide our Clients with the ability to implement features to restrict the collection of information from users under the age of 13. If we learn that Personal Information has been collected from a user under 13 years of age through the Gigya Services without parental consent as required by COPPA and is stored on Gigya servers, then we will take the appropriate steps to cause this information to be deleted.
14. Your Choices
A. On the Gigya Website
You may, at any time, update, correct, or delete certain Personal Information that you have provided to us by contacting us at privacy [at] gigya [dot] com or at the address set forth below in the “Contacting Us” section. Additionally, anyone with a registered account on the Gigya Website may, at any time, review, update or correct the Personal Information in their registration profile by logging into their account, clicking on dropdown next to their name in the upper right-hand corner, and clicking to the Account section.
Please be aware that even if you update or remove Personal Information that you have provided to us, your Personal Information may be retained in our backup files and archives for a reasonable period of time for legal purposes.
B. Through the Gigya Services
If you are an End User registered on a Client’s website using Gigya’s technology to power its Social Components and you want to edit or delete any information captured about you on that Client’s website, you should contact the website owner directly. We have provided tools for our Clients using Gigya’s Identity Storage to allow the Client to implement a profile screen on their website that gives End Users the option to edit, delete, and download their information. It is up to each individual Client to utilize these tools. Through our Social Compliance™ service, used in connection with Gigya’s Identity Storage, Gigya will delete any non-public Facebook profile information if a user revokes permissions from the Client’s application to which those permissions were previously granted.
If you are an End User registered on a Client’s website using the Gamification component specifically, you have additional privacy settings you may access directly, in the event you do not want your profile and ranking to be displayed to other users on the website via the Leaderboard plugin. These settings are available in the “User Status” Social Plugin.
If you would like to opt out of having your image or name displayed publicly to other users of a Client’s website, you should contact that website’s owner directly.
15. Communications and Unsolicited Marketing Communications
If you registered on our Gigya Website, or otherwise opted in to receive communications from us, including through info.gigya.com, we may send you administrative messages and updates regarding your account, updates regarding the Gigya Website or Services, and information regarding offer, products and services of us and third parties, including, without, limitation, through social media updates, by email and postal mail. You may indicate your preferences regarding commercial email messages by taking the steps described in such messages. Also, you may indicate your preferences regarding commercial email messages and postal mail messages by contacting us using the information in the “Contacting Us” section below.
16. International Users
A. On the Gigya Website
B. Through the Gigya Services
17. EU and Swiss Safe Harbor
Gigya is a participant in the Safe Harbor program developed by the U.S. Department of Commerce and (1) the European Union and (2) Switzerland, respectively. We have certified that we adhere to the Safe Harbor Privacy Principles agreed upon by the U.S. and (1) the E.U. and (2) Switzerland, respectively. For more information about the Safe Harbor and to view our certification, visit the U.S. Department of Commerce’s Safe Harbor Web site. For more information about Gigya’s participation in the Safe Harbor program, please visit our Safe Harbor details page. If you have any questions about our Safe Harbor participation, please contact: privacy [at] gigya-inc [dot] com.
18. Third-Party Services
The Gigya Website and Services may contain links to websites and services provided by third parties. Any Personal Information you provide on third-party websites or services is provided directly to that third party and is subject to that third party’s policies governing privacy and security. If you choose to visit an advertiser by “clicking on” a banner ad or other type of advertisement, or click on another third party link, you will be directed to that third party’s website. The fact that we link to a website or present a banner ad or other type of advertisement is not an endorsement, authorization or representation that we are affiliated with that third party, nor is it an endorsement of their privacy or information security policies or practices. These other websites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. We are not responsible for the content or privacy and security practices and policies of third-party websites or services. We encourage you to learn about third parties’ privacy and security policies before providing them with Personal Information.
In addition, we use Google Analytics to analyze our users’ use of the Gigya Website. Google Analytics is currently on www.gigya.com and not on the Gigya Platform. Google Analytics provides us with aggregated data in order to help us make informed business decisions. We have indicated to Google that information collected through our use of Google Analytics on the Gigya Website should not be shared with third parties, even in an anonymous, aggregated fashion. Ultimately, Google, as a third party, controls information collected through Google Analytics and you should check and be comfortable with its privacy practices prior to using the Gigya Website. You may review information about Google’s privacy practices with respect to Google Analytics at http://www.google.com/analytics/learn/privacy.html.
19. California Privacy Rights
Under California law, California residents are entitled to ask us for a notice describing what categories of Personal Information we share with third parties for their direct marketing purposes. The notice will identify the categories of Personal Information shared with third parties, as well as the name and address of the third parties that receive such Personal Information. If you want a copy of this notice, please submit a written request to the following address:
- Attn: gigya.com Privacy
- 2513 E. Charleston Rd
- Suite #200
- Mountain View, CA 94043
Gigya does not share Personal Information with third parties for their direct marketing purposes.
21. Contacting Us
Attn: gigya.com Privacy
2513 E. Charleston Rd
Mountain View, CA 94043