- Websites Covered
- Information We Collect
- Use of Collected Information
- Disclosure of Collected Information
- Your Choices
- Communications and Unsolicited Marketing Communications
- Client Data
- International Users
- EU and the Data Privacy Shield Framework
- U.S. – Swiss Safe Harbor Framework
- Third Party Ad Networks/li>
- Contact Us
1. Websites Covered
2. Information We Collect
We collect the following data about users: (1) information that you voluntarily submit to us (“User- Supplied Information”); (2) technical data automatically collected from all visitors to the Gigya Website (described below under “Passive Data Collection”); (3) information we collect through our Services; and (4) information we collect from third party sources.
User-Supplied Information. We may collect user-supplied information when you choose to provide us with your Personal information via the Gigya Website, including when you send us an email asking a question, register to attend seminar, submit a form to receive marketing materials or email newsletters, or request any research or whitepapers, including, without limitation, at info.gigya.com.
3. Use of Collected Information
We use personal information to establish and enhance our relationship with you. We may use personal information to operate, provide, improve, and maintain the Gigya Website and Services, and to develop new products and Services; to prevent abusive and fraudulent use of the Gigya Website and Services; to personalize and display content on the Gigya Website; where permitted by applicable law, to send you information, including via email, about our products and Services in which we believe you may be interested; to respond to your inquiries and for other customer service purposes; and for other administrative and internal business purposes.
We may use your e-mail address, including any email address provided at info.gigya.com or through the Gigya Website as set forth in the “Communications and Unsolicited Marketing Communications” section. On the Gigya Website, we may use passively collected data to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the Gigya Website; (b) monitor your participation in various sections of the Gigya Website; (c) customize our Service to you, including by providing you with recommendations; (c) monitor aggregate website usage metrics such as total number of visitors and pages viewed; and (d) administer, operate, and improve the Gigya Website and our other Services and systems, and to provide Services and content that are tailored to you.
4. Disclosure of Collected Information
We do not sell or rent email addresses and other personal information that we collect directly through the Gigya Website. Please be aware, however, that any information that you voluntarily choose to display on any publicly available portion of the Gigya Website, or on any Service, becomes publicly available and may be collected and used by us or others without restriction. We share your information, including personal information, as follows:
Gigya Service Providers
We may disclose personal information if we have a good-faith belief that doing so is required by a subpoena or other judicial or administrative order or otherwise required by law. Additionally, we may disclose personal information where we, in good faith, deem it appropriate or necessary to prevent violation of the Gigya Terms of Service, or our other agreements; take precautions against liability; protect the rights, property, or safety of Gigya, any individual, or the general public; maintain and protect the security and integrity of our services or infrastructure; protect ourselves and our services from fraudulent, abusive, or unlawful uses; investigate and defend ourselves against third-party claims or allegations; or assist government enforcement agencies.
Aggregate Information and Non-Identifying Information.
We may share aggregated information with Clients, prospective Clients, partners or the press in order to demonstrate usage of the Service, identify industry and advertising trends, and to generate publicity for the Gigya Services.
5. Your Choices
On the Gigya Website
You may, as a visitor to our website, choose not to provide us with personal information. You may also, at any time, access your personal information to update, correct, or delete certain personal information about you by contacting us at email@example.com or at the address set forth below in the “Contact Us” section.
In addition you may decide not to opt–in, either when you first provide Gigya with any personal information, to receive marketing information from Gigya about products and services (including our products and services and those of third parties). See also Section 6, “Communications and Unsolicited Marketing Communications”, for additional information regarding changing your preferences or opting out of receiving marketing information.
Please be aware that even if you update or remove personal information that you have provided to us, your personal information may be retained in our backup files and archives for a reasonable period of time for legal purposes.
6. Communications and Unsolicited Marketing Communications
If you opted in to receive communications from us, including through info.gigya.com, we may send you administrative messages and updates regarding your account, updates regarding the Gigya Website or Services, and, where permitted by applicable law, information regarding our offer, products and services, including, without, limitation, through social media updates, by email and postal mail. If you no longer want to receive commercial email messages, you may indicate your preferences regarding commercial email messages by taking the steps described in such messages. Also, you may indicate your preferences regarding commercial email messages and postal mail messages by contacting us using the information in the “Contact Us” section below.
7. Client Data
We collect, use, and retain certain information at the direction and on behalf of our Clients from individuals (“End Users”) who use the Client website (Client Data). Gigya has no relationship with such End Users whose Client Data we process on behalf of our Clients. We also do not decide how the Clients use such Client Data. Gigya does not access and use the Client Data, except at directed by our Clients or required by law.
Information Collected Directly Through Use of the Services about End Users: We collect two types of data about End Users: (1) information that is passed through the Gigya Services as a result of use of the Services and (2) technical data automatically collected from all visitors to pages of your website that load the Gigya Services. The information that we collect on your behalf depends on the particular Services to which you subscribe and your preferences.
End User Information: We maintain no rights to use any End User Personal Information transmitted to us on your behalf through the Gigya Services or received from the social networks, except to make the Services available to you and/or End User.
We use the information that we collect automatically about the use of our Services to facilitate delivery of the Service and, in some cases, for internal reports. Additionally, some of the information collected is used in the Client Reports. The Client Reports may contain both passively-collected information and End User Personal Information.
If you are a customer of one of our Client’s, and you want to edit or delete any information captured about you on that Client’s website, you should contact the Client directly.
The Gigya Website is hosted in the United States, and we may use service providers in the United States and elsewhere to process personal information on our behalf. If you use the Gigya Website outside the U.S., please note that your personal data may be transferred outside of your home jurisdiction to the United States and to other jurisdictions where our affiliates and service providers are located. Some of these jurisdictions, including the United States, do not have equivalent data protection laws as the European Union and other jurisdictions. By using our Website or Services, you are agreeing that your personal data may be transferred to the United States and other jurisdictions, as explained in this Section.
For EU residents, see Section 9, “EU and the Privacy Shield” below, for information regarding (i) Gigya’s participation in the EU-US Privacy Shield Program and (ii) Gigya’s handling of Personal information received from the European Union.
9. EU and the Data Privacy Shield Framework
Gigya complies with the U.S.-E.U. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information obtained from European Union member countries. Gigya has certified that its processing of personal information from E.U. member countries is in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability (the “Principles”). You may view our certification here https://www.privacyshield.gov/list. Gigya and its subsidiaries are subject to the investigatory and enforcement authority of the Federal Trade Commission.
Information We Process. We collect, in accordance with the Privacy Shield principles, the categories of information described in sections 2 and 7 above. We process personal information about website users for the purposes described in section 3 above. Please note: additional information about Gigya’s participation in the Privacy Shield program, with regard to data collected in a capacity as a processor to our Clients, is available in the client portal.
Accessing Personal information. The Privacy Shield Principles provide individuals located in the E.U. whose personal information we process with the right to access their personal information in order to review, correct, amend or delete information processed under the Principles. E.U. individuals who use our Site and would like to access their personal information may contact Gigya at firstname.lastname@example.org or at the address set forth in the “Contact Us” section. Additionally, anyone with a registered account on the Gigya Console may, at any time, review, update or correct the Personal information in their registration profile by logging into their account, clicking on dropdown next to their name in the upper right-hand corner, and clicking to the Account section.
E.U. End Users whose personal information we process on behalf of a Gigya Client (as a data processor) should first contact the Gigya Client, who is the controller of your personal information, to access their personal information; Gigya will work with its Clients to provide End Users the necessary access about what personal information is processed.
Transfers to Third Parties. As described in the “Disclosure of Collected Information” section above, we may transfer personal information from the E.U. to third parties. We contractually require third parties to whom we transfer personal information to provide the same level of protections as the Principles. Gigya remains responsible for the personal information we receive and transfer under Privacy Shield.
In accordance with our legal obligations, we may also transfer, subject to a lawful request, personal information to public authorities for law enforcement or national security purposes.
Contacting Us, Complaints and Dispute Resolution. E.U. individuals who have questions or complaints about how we process their personal information may contact us at email@example.com. We will work to resolve your issue and respond no later than 45 days of receipt.
If you are unable to resolve the issue directly with us, you may file, free of charge, a complaint with our independent dispute resolution provider JAMS, located in the United States. For more information about JAMS dispute resolution process or to file a complaint, please visit https://www.jamsadr.com/eu-us-privacy-shield.
E.U. individuals may also submit complaints through their local Data Protection Authority (DPA). We will work with the Department of Commerce to resolve any complaints forwarded by a DPA. Finally, if we are unable to resolve any complaints through any of the above methods, an E.U. individual may invoke binding arbitration in accordance with the Privacy Shield Framework.
10. U.S. – Swiss Safe Harbor Framework
Gigya complies with the U.S. – Swiss Safe Harbor Framework, as set forth the U.S. Department of Commerce regarding the collection, use and retention of personal data from Switzerland, Gigya has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data, integrity, access and enforcement. To view Giga’s certification see: https://safeharbor.export.gov/companyinfo.aspx.
Please e-mail any comments or questions regarding our Safe Harbor compliance to firstname.lastname@example.org. If you have a complaint regarding the use of your personal information that cannot be resolved with us directly, you may contact the JAMS using the procedures at http://www.jamsadr.com/safe-harbor-claim.
The security of your information is important to us, including, but not limited to, the personal information collected via the Gigya Website and Service. We use reasonable security measures to protect against the loss, misuse, and alteration of Personal information under our control, both during the transmission and once we receive it. This includes, but is not limited to, the use of firewalls and encryption. Although we make good faith efforts to maintain the security of such personal information, no method of transmission over the Internet or method of electronic storage, is 100% secure and we cannot guarantee that it will remain free from unauthorized access, use, disclosure, or alteration. Further, while we work hard to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent “hackers” or other unauthorized persons from illegally accessing or obtaining this information.
If we learn of a security breach involving your personal information, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Gigya Website or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Gigya Website. If a security systems breach occurs, we may post a notice on our homepage (www.giyga.com) or elsewhere on the Gigya Website and may send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach, involving your personal information, in writing. This notice paragraph applies to users of the Gigya Website and our Clients who utilize our Services on their third party websites only. Should there be a breach that affects End Users of Clients, the Client will be responsible for disseminating notice of such a breach to those End Users.
The Children’s Online Privacy Protection Act (“COPPA”) protects the online privacy of children under 13 years of age. Gigya’s Website is not directed toward individuals under the age of thirteen (13), and we request that such individuals do not provide personally identifying information through our websites. Additionally, we do not knowingly collect or maintain personal information from anyone under the age of 13, unless or except as permitted by law. If we learn that personal information has been collected from a user under 13 years of age on or through the Gigya Website, then we will take the appropriate steps to cause this information to be deleted. If you are the parent or legal guardian of a child under 13 who has registered on the Gigya Website or you believe has otherwise provided personal information to Gigya, please contact Gigya at email@example.com to have that child’s account terminated and information deleted.
In addition, we use Google Analytics to analyze our users’ use of the Gigya Website. Google Analytics is currently on www.gigya.com. Google Analytics provides us with aggregated data in order to help us make informed business decisions. Ultimately, Google, as a third party, controls information collected through Google Analytics and you should check and be comfortable with its privacy practices prior to using the Gigya Website. You may review information about Google’s privacy practices with respect to Google Analytics at http://www.google.com/analytics/learn/privacy.html.
14. Third-Party Ad Networks
You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information regarding this practice by NAI members and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: www.networkadvertising.org/optout_nonppii.asp (NAI) and www.aboutads.info/choices (DAA).
Opting out of one or more NAI member or DAA member networks (many of which will be the same) only means that those members no longer will deliver targeted content or ads to you. It does not mean you will no longer receive any targeted content or ads on our Site or other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing. Also, if your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your NAI or DAA opt-out may no longer be effective. Additional information is available on NAI’s and DAA’s websites accessible by the above links.
16. Contact Us
2513 E. Charleston Rd. Suite #200
Mountain View, CA 94043