Gigya is now SAP Customer Data Cloud. Learn more
Forrester logo Download the report

Privacy Policy

Effective: May 11, 2018

Protecting the individual’s privacy on the Internet is crucial to the future of Internet-based business and the move towards a true Internet economy. We have created this Privacy Policy to demonstrate our firm commitment to the individuals’ right to data protection and privacy. This Privacy Policy outlines our handling practices with regards to such information that can be used to directly or indirectly identify an individual (“Personal Data”).


When does this Privacy Policy apply? This Privacy Policy applies to Personal Data that you provide to us or which is derived from such Personal Data as further outlined below. For additional information about cookies and other web tracking technologies that we are using please see also our Cookie Policy.

Data Controller. Data controller in case of the website (“Website”) is Gigya, Inc., 2513 E. Charleston Rd, Suite 200, Mountain View, CA 94043, USA (“Gigya”). Gigya, Inc. is a subsidiary of SAP America Inc., which is an affiliate of SAP SE and thus part of the SAP group. The group’s data protection officer is Mathias Cellarius (

What does Gigya do with my Personal Data? Gigya will process the Personal Data provided hereunder only as set out in this Privacy Policy. Where the processing of your Personal Data is based on a statutory permission, you can find information on which Personal Data Gigya is processing or using and the corresponding purposes for such processing or use in Section B. below. Where consent for the processing of your Personal Data is required you can find further information in Section C. below. Section D. describes Gigya’s processing operations (as a data processor) with regard to Personal Data about individuals (“End Users”) at the direction and on behalf of users (“Clients”) of the Gigya services (“Services”) (as the data controllers). In this Privacy Policy, “Services” include Gigya’s web services, products, offerings, contests, sweepstakes, other content, non-marketing related newsletters, whitepapers, tutorials, trainings and events. Section E. provides further information about transfers of Personal Data outside of the European Economic Area (“EEA”).

Duration of processing of Personal Data. Notwithstanding those instances where your Personal Data is processed or used by Gigya based on a statutory permission (see Section B. below) or your consent (see Section C. below), Gigya will only store your Personal Data (i) for as long as it is required to fulfil the purposes set out below, (ii) until you object to Gigya’s use of your Personal Data (if Gigya uses your Personal Data based on legitimate interest), or (iii) until you withdraw your consent (if Gigya uses your Personal Data based on your consent). However, where Gigya is required by mandatory law to retain your Personal Data longer or where your Personal Data is required for Gigya to assert or defend against legal claims, Gigya will retain your Personal Data until the end of the relevant retention period or the settlement of the claims in question.

Why am I required to provide Personal Data? As a general principle, granting of any consent and the provision of any Personal Data hereunder is entirely voluntarily to you. However, there are circumstances where Gigya cannot take action without certain Personal Data (e.g., because Personal Data is required to process your orders or provide you with access to a web offering or newsletter). In these cases it will unfortunately not be possible for Gigya to provide you with what you request without the relevant Personal Data.

Where Gigya will my Personal Data be processed? The Website is hosted in the United States, and as part of the SAP global group of companies, Gigya has affiliates and third-party service providers within as well as outside of the EEA. As a consequence, whenever Gigya is using or otherwise processing your Personal Data for the purposes set out in this Privacy Policy, Gigya may transfer your Personal Data to countries outside of the EEA, including to such countries where a statutory level of data protection applies that is not comparable to the level of data protection within the EEA, as further described in this Privacy Policy under Section E.

Data subjects’ rights. You can request from Gigya at any time information about which Personal Data Gigya processes about you and the correction or deletion of such Personal Data.  Notwithstanding your request, Gigya may retain your Personal Data if there is a statutory obligation or prevailing right of Gigya to retain it. Kindly note that if you request the deletion of your Personal Data from Gigya you will not be able to further use such Gigya Services which require Gigya’s use of your Personal Data.

If Gigya uses your Personal Data based on your consent or to perform a contract with you, you may further request from Gigya a copy of the Personal Data that you have provided to Gigya  To make such a request, please contact the email address below and specify the information or processing activities to which your request relates, the requested format for your Personal Data (provided it is commonly used), and whether the Personal Data shall be provided to you or another recipient. Gigya will carefully review your request and discuss with you how it can be best implemented.

Furthermore, you can request from Gigya that Gigya restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data Gigya has about you is incorrect, however, only for as long as Gigya requires to check the accuracy of the relevant Personal Data, (ii) there is no legal basis for Gigya’s processing of your Personal Data and you demand that Gigya restricts your Personal Data from further processing, (iii) Gigya no longer requires your Personal Data but you claim that you require such data in order to claim or exercise legal rights or to defend against third party claims, or (iv) in case you object to the processing of your Personal Data by Gigya for as long as it is required to review as to whether Gigya has a prevailing interest or legal obligation in processing your Personal Data.

Please direct any such request to

Right to lodge a complaint. If you take the view that Gigya is not processing your Personal Data in accordance with the requirements set out herein or applicable EEA data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live.

Use of this website by children. The Website is not directed toward individuals under the age of thirteen (13), and we request that such individuals do not provide Personal Data through our Website. Additionally, we do not knowingly collect or maintain Personal Data from anyone under the age of 13, unless or except as permitted by law. If we learn that Personal Data has been collected from a user under 13 years of age on or through the Website, then we will take the appropriate steps to cause this information to be deleted. If you are the parent or legal guardian of a child under 13 who has registered on the Website or you believe has otherwise provided Personal Data to Gigya, please contact Gigya at to have that child’s account terminated and information deleted.

Links to other websites. This Privacy Policy covers the information practices of websites that link to this Privacy Policy, including, but not limited to,, and their subdomains. The websites may contain links to websites operated by third parties. Gigya is not responsible for the privacy practices or the content of such other websites. We encourage you to learn about such third parties’ privacy and security policies before providing them with Personal Data.

Security. Gigya is committed to protecting the Personal Data you share with us. Gigya uses a combination of industry-standard security technologies, procedures, and organizational measures to help protect your Personal Data from unauthorized access, use or disclosure. Gigya supports online security using secure server technology because we want your data to be safe. We bind our employees and data processors to observe your privacy and confidentiality rights.

Updates to this Privacy Policy. We may occasionally update this Privacy Policy. If we do, we will change the “effective date” at the top of the Privacy Policy. Before making any update that would make this Privacy Policy materially less restrictive in our use or disclosure of Personal Data collected prior to the update, we will provide prior notice of the update by posting notice on our Website at the top of the then-current Privacy Policy at least 30 days before the effective date of the update. We encourage you to periodically review this Privacy Policy to stay informed about our collection, use, and disclosure of Personal Data. Your continued use of our Website constitutes your agreement to our then-current Privacy Policy.

Contact Us. If you have questions about this Privacy Policy, you may contact us at You may also write to us at: Gigya Inc., 2513 E. Charleston Rd, Suite 200, Mountain View, CA 94043, USA.


In the following cases Gigya may process your Personal Data based on a permission under applicable data protection law.

Providing the requested Gigya Services. If you order Services from Gigya, Gigya will use the Personal Data which you enter into the order or registration form (usually (a subset of) your name, (email) address, telephone number, company name and address, your job title/role and, if payment is to be made to Gigya, credit card number or banking details) only to process your order or to provide the requested Service. This may include taking the necessary steps prior to entering into the contract, responding to your related inquiries and providing you with shipping and billing information and to provide customer feedback and support. Gigya may further collect and use conversation data that you may provide via contact forms, e-mails or telephone.

If you participate in tutorials or trainings provided by Gigya, Gigya may also track your learning progress in order to make this information available to you. Furthermore, the use of your Personal Data for the above purposes also includes (i) the provision of support, (ii) processing and verifying of customer feedback, (iii) shipping and billing, and (iv) providing such other information which is required for the business relationship between you and Gigya including responding to your inquiries as follows:

We communicate with users who subscribe to our Services on a regular basis via email, and we may also communicate by phone to resolve customer complaints or investigate suspicious transactions. We may use your email address to confirm your opening of an account, to send you notice of payments, to send you information about changes to our Services, and to send notices and other disclosures as required by law. Generally, users cannot opt out of these communications, which are not marketing related but merely required for the relevant business relationship. With regard to marketing related types of communication (such as emails and phone calls), Gigya will (i) where legally required only provide you with such information after you have granted your opt-in, and (ii) provide you the opportunity to exercise an opt-out choice if you do not want to receive further marketing related types of communication from us, as further described below under “Updates about Gigya’s Services.”

Based on Gigya’s legitimate Interest. Each of the below use cases constitutes a legitimate interest of Gigya to process or use your Personal Data. In case you do not agree with this approach, you may object against Gigya’s processing or use of your Personal Data, as set out in the last paragraph of this subsection.

Compelled disclosure. We may disclose Personal Data if we have a good-faith belief that doing so is required by a subpoena or other judicial or administrative order or otherwise required by law. Additionally, we may disclose Personal Data where we, in good faith, deem it appropriate or necessary to prevent violation of the Gigya Terms of Service, or our other agreements; take precautions against liability; protect the rights, property, or safety of Gigya, any individual, or the general public; maintain and protect the security and integrity of our Services or infrastructure; protect ourselves and our Services from fraudulent, abusive, or unlawful uses; investigate and defend ourselves against third-party claims or allegations.

Export laws. Gigya and its Services (including the technology underlying such Services) are subject to the export laws of various countries, including without limitation, to those of the United States. Pursuant to the applicable export laws, trade sanctions and embargoes issued by these countries, Gigya is required to take measures to prevent entities, organizations and parties listed in government issued sanctioned party lists from accessing certain Services through Gigya’s Website or other delivery channels controlled by Gigya This may include (i) automated checks of any user registration data as set out herein and other information a user provides about her/his identity against applicable sanctioned party lists; (ii) regular repetition of such checks whenever a sanctioned party list is updated or when a user updates her/his information; (iii) blocking of access to Gigya’s Services and systems in case of a potential match; and (iv) contacting a user to confirm her/his identity in case of a potential match.

Participation in Questionnaires and Surveys. Gigya may invite you to participate in questionnaires and surveys. These questionnaires and surveys will be generally designed in a way that they can be answered without any Personal Data. If you include Personal Data in your responses to questionnaires and surveys, Gigya may use such Personal Data to improve its Services.

Aggregate Information and Non-Identifying Information. Gigya may anonymize Personal Data provided under this Privacy Policy to create anonymized data sets which will then be used to improve its and its affiliates’ Services.

We may also share aggregated Personal Data with Clients, prospective Clients, partners or the press in order to demonstrate usage of the Service, identify industry and advertising trends, and to generate publicity for the Gigya Services.

Information about Services. Within an existing business relationship between you and Gigya, Gigya may inform you, where permitted in accordance with applicable law, about its Services (including webinars, seminars, or events) which are similar to such Services you have already purchased or used from Gigya Furthermore, where you have attended a webinar, seminar, or event of Gigya or purchased Services from Gigya, Gigya may contact you for feedback regarding the improvement of the relevant webinar, seminar, event, product or service.

Transfers of Personal Data to Gigya Affiliates. We may share some or all of your Personal Data (including account data and contact data, such as name, email address, and phone number) with our affiliates for the purpose of customer support, in which case we will require those affiliates to honor this Privacy Policy (see also below in Section E. the information given with regard to transfers to affiliates outside of the EEA).

Transfers to Third Parties. We may provide Personal Data to third parties for their use in performing internal business functions (e.g., maintenance, security, data analysis, email transmission, CRM, database management services, email marketing, surveys, or data hosting) on our behalf. We have concluded contractual arrangements as necessary under applicable law with such third parties and require them to agree not to use your Personal Data for purposes beyond those stated in this Privacy Policy and for no other purpose than to provide us with necessary services (see also below in Section E. the information given with regard to transfers to third parties outside of the EEA).

Personal Data Received from Third Parties. We may also obtain information, including Personal Data, from third party sources. This may include aggregated anonymous information or certain Personal Data that may be provided to us, including, but not limited to, through third party surveys conducted on our behalf, companies that publish and disseminate press releases on our behalf, social networks providing information about our fans and followers on their platform, and analytics from companies that perform email marketing on our behalf. If we receive Personal Data from third parties, we will handle it in accordance with this Privacy Policy. If we directly combine information from other third parties with Personal Data that we collect on the Website, we will treat the combined information as Personal Data and handle it in accordance with this Privacy Policy. Additionally, we may use any aggregated anonymous information received by third parties as set forth above in the subsection “Aggregate Information and Non-Identifying Information”.

Right to object. You may object to Gigya using Personal Data for the above purposes at any time by contacting If you do so, Gigya will cease using your Personal Data for the above purposes (i.e., under a legitimate interest set out above) and remove it from its systems unless such Personal Data is permitted to be used by Gigya for another purpose set out in this Privacy Policy or Gigya determines and demonstrates a compelling legitimate interest to continue in processing your Personal Data.


In the following cases Gigya, will only use your Personal Data as further detailed below after you have granted your prior consent into the relevant processing operations. This information matches with the respective consent declarations pertaining to individual processing operations made available here:

Updates about Gigya’s Services. If you opted in to receive communications from us, Gigya may use your name, email and postal address, telephone number, job title and basic information about your employer (name, address and industry) as well as an interaction profile based on prior interactions with Gigya (prior purchases, participation in webinars, seminars or events or the use of Services) in order to send you updates regarding the Website, and information regarding our offer and Services, including, without, limitation, through social media updates, by email and postal mail. If you no longer want to receive commercial messages, you may withdraw your consent at any time with effect for the future as further described below in subsection “Withdrawal of consent”. You may also indicate your preferences regarding commercial email messages by taking the steps described in such messages.

Personal Data made publicly available. Any Personal Data that you voluntarily choose to display on any publicly available portion of the Website, or on any Service, becomes publicly available and may be collected and used by us or others in accordance with applicable laws.

Forwarding your Personal Data to other SAP companies. Gigya may transfer your Personal Data to the other members of the SAP group (these are currently all SAP, Ariba, SuccessFactors, Hybris, Sybase, Business Objects, Fieldglass, Concur, Multiposting and SeeWhy subgroup companies) for the purpose to inform you about their latest products, service offers, and events. Any such use of information is based on the consent you grant hereunder.

Withdrawal of consent. You may at any time withdraw a consent granted hereunder. In case of withdrawal, Gigya will not process Personal Data subject to this consent any longer unless legally required to do so. In case Gigya is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of Personal Data by Gigya up to the point in time of your withdrawal. Furthermore, if your use of an Gigya offering requires your prior consent, Gigya will not be (any longer) able to provide the relevant Service, offer, or event to you after your withdrawal. Please direct any such request for withdrawal to or write to Gigya at the address set out under “Contact us” above.

Webtracking (Cookies, Web Beacons etc.). Like most web-based services, we automatically receive and record information on our server logs from your browser when you use the Website. We may use a variety of methods, including clear GIFs (also known as “web beacons”) and “cookies”, to collect this information. We use both session and persistent cookies as further described in our Cookies Policy at

The information that we may collect with these automated methods may include, for example, your IP address, cookie information, a unique device or user ID, browser type, system type, the content and pages that you access on the Website, the frequency and duration of your visits to the Website, and the “referring URL” (i.e., the page from which you navigated to the Website). We may also use cookies on the to store session validators on your hard drive.

On the Website, we may use passively collected data to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the Website; (b) monitor your participation in various sections of the Website; (c) customize our Service to you, including by providing you with recommendations; (c) monitor aggregate website usage metrics such as total number of visitors and pages viewed; and (d) administer, operate, and improve the Website and our other Services and systems, and to provide Services and content that are tailored to you.

To the extent legally required, any such use of information is based on the consent you grant hereunder.

Unless another means to make your choice is listed below, you may furthermore refuse the use of these automated methods, like cookies, by selecting the appropriate settings in your browser. Kindly note that settings in your browser regarding cookies are limited to the particular browser installed on a particular device and that, as a consequence, if you visit the Website with different browsers or different devices, you have to disable cookies in the browsers of all relevant devices. However, kindly further note that if you do this you may not be able to use the full functionality of the Website.

For additional information about the technologies that we use and how they operate, please see our Cookie Policy. Gigya is in particular currently using the following automated methods on its Website for the purposes set out below.

Third-Party Ad Networks. We use third parties such as network advertisers to assist us in displaying advertisements on third party websites, and to evaluate the success of our advertising campaigns. Network advertisers are third parties that display advertisements based on your visits to our Website as well as other websites. This enables us, and these third parties, to target advertisements by displaying ads for products and services in which you might be interested. Third party ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs and other technologies to measure the effectiveness of their ads and to personalize advertising content to you. These third-party cookies and other technologies are governed by each third party’s specific privacy policy, not this one. We may provide these third-party advertisers with information about your usage of our Website, as well as aggregate information about visitors to our Website.

You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information regarding this practice by NAI members and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: (NAI) and (DAA).

Opting out of one or more NAI member or DAA member networks (many of which will be the same) only means that those members no longer will deliver targeted content or ads to you. It does not mean you will no longer receive any targeted content or ads on our Website or other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing. Also, if your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your NAI or DAA opt-out may no longer be effective. Additional information is available on NAI’s and DAA’s websites accessible by the above links.


We collect, use, and retain (as a data processor) certain Personal Data at the direction and on behalf of our Clients (as the data controllers) from End Users who use the Client website (“Client Data”). Gigya has no relationship with such End Users whose Client Data we process on behalf of our Clients. We also do not decide how the Clients use such Client Data. Gigya does not access and use the Client Data, except as directed by our Clients or required by law.

Information collected directly through use of the Services about End Users. We collect two types of Personal Data about End Users: (1) information that is passed through the Gigya Services as a result of use of the Website and (2) technical data automatically collected from all visitors to pages of your website that load the Gigya Services. The information that we collect on your behalf depends on the particular Services to which you subscribe and your preferences. Social network and/or identity providers are hosted by a third party and on our Client’s service. The Client’s and the End User’s interaction with these features are governed by the Privacy Policy of the company providing it.

End User Personal Data. We maintain no rights to use any End User Personal Data transmitted to us on your behalf through the Website or received from the social networks, except to make the Services available to you and/or End User.

Some of the information collected is used in the Client Reports. The Client Reports may contain both passively-collected information and End User Personal Data.

If you are a customer of one of our Client’s, and you want to edit or delete any information captured about you on that Client’s website, you should contact the Client as the data controller directly.


In the cases of transfers of Personal Data outside of the EEA, Gigya applies the appropriate safeguards (such as entering into Standard Contractual Clauses) or transfers Personal Data to countries for which the EU Commission has acknowledged an adequate level of data protection.

Standard Contractual Clauses (transfers to affiliates and third parties). Whenever Gigya is using or otherwise processing your Personal Data for the purposes set out in this Privacy Policy, Gigya may transfer your Personal Data to countries outside of the EEA including to such countries where a statutory level of data protection applies that is not comparable to the level of data protection within the EEA. Whenever such transfer occurs, it is based on the Standard Contractual Clauses (depending on the type of transfer, either according to EU Commission Decision 87/2010/EC (controller-to-processor) or according to EU Commission Decision C (2004)5721(controller-to-controller), or any future replacement) in order to contractually ensure that your Personal Data is subject to a level of data protection which applies within the EEA. You may obtain a redacted copy (in order to remove commercial and not relevant information) of such Standard Contractual Clauses by sending a request to

Adequacy Decision (Israel). We may share some or all of your Personal Data (including account data and contact data such as name, email address and phone number) with our affiliate located in Israel for the purpose of customer support. According to the European Commission Decision 2011/61/EU, Israel ensures an adequate level of data protection.

Meet us at

SAP Customer Experience LIVE: Connect with Purpose
Barcelona, Spain

October 10-11, 2018

View Event >

Gigya has updated its Privacy Policy as Gigya, Inc. has been acquired by SAP America, Inc. and Gigya has updated the information regarding how we collect and use your Personal Data. You can see the updated Privacy Policy here.