A. GENERAL INFORMATION
Data Controller. Data controller in case of the website www.gigya.com (“Website”) is Gigya, Inc., 2513 E. Charleston Rd, Suite 200, Mountain View, CA 94043, USA (“Gigya”). Gigya, Inc. is a subsidiary of SAP America Inc., which is an affiliate of SAP SE and thus part of the SAP group. The group’s data protection officer is Mathias Cellarius (email@example.com).
Duration of processing of Personal Data. Notwithstanding those instances where your Personal Data is processed or used by Gigya based on a statutory permission (see Section B. below) or your consent (see Section C. below), Gigya will only store your Personal Data (i) for as long as it is required to fulfil the purposes set out below, (ii) until you object to Gigya’s use of your Personal Data (if Gigya uses your Personal Data based on legitimate interest), or (iii) until you withdraw your consent (if Gigya uses your Personal Data based on your consent). However, where Gigya is required by mandatory law to retain your Personal Data longer or where your Personal Data is required for Gigya to assert or defend against legal claims, Gigya will retain your Personal Data until the end of the relevant retention period or the settlement of the claims in question.
Why am I required to provide Personal Data? As a general principle, granting of any consent and the provision of any Personal Data hereunder is entirely voluntarily to you. However, there are circumstances where Gigya cannot take action without certain Personal Data (e.g., because Personal Data is required to process your orders or provide you with access to a web offering or newsletter). In these cases it will unfortunately not be possible for Gigya to provide you with what you request without the relevant Personal Data.
Data subjects’ rights. You can request from Gigya at any time information about which Personal Data Gigya processes about you and the correction or deletion of such Personal Data. Notwithstanding your request, Gigya may retain your Personal Data if there is a statutory obligation or prevailing right of Gigya to retain it. Kindly note that if you request the deletion of your Personal Data from Gigya you will not be able to further use such Gigya Services which require Gigya’s use of your Personal Data.
If Gigya uses your Personal Data based on your consent or to perform a contract with you, you may further request from Gigya a copy of the Personal Data that you have provided to Gigya To make such a request, please contact the email address below and specify the information or processing activities to which your request relates, the requested format for your Personal Data (provided it is commonly used), and whether the Personal Data shall be provided to you or another recipient. Gigya will carefully review your request and discuss with you how it can be best implemented.
Furthermore, you can request from Gigya that Gigya restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data Gigya has about you is incorrect, however, only for as long as Gigya requires to check the accuracy of the relevant Personal Data, (ii) there is no legal basis for Gigya’s processing of your Personal Data and you demand that Gigya restricts your Personal Data from further processing, (iii) Gigya no longer requires your Personal Data but you claim that you require such data in order to claim or exercise legal rights or to defend against third party claims, or (iv) in case you object to the processing of your Personal Data by Gigya for as long as it is required to review as to whether Gigya has a prevailing interest or legal obligation in processing your Personal Data.
Please direct any such request to firstname.lastname@example.org.
Right to lodge a complaint. If you take the view that Gigya is not processing your Personal Data in accordance with the requirements set out herein or applicable EEA data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live.
Use of this website by children. The Website is not directed toward individuals under the age of thirteen (13), and we request that such individuals do not provide Personal Data through our Website. Additionally, we do not knowingly collect or maintain Personal Data from anyone under the age of 13, unless or except as permitted by law. If we learn that Personal Data has been collected from a user under 13 years of age on or through the Website, then we will take the appropriate steps to cause this information to be deleted. If you are the parent or legal guardian of a child under 13 who has registered on the Website or you believe has otherwise provided Personal Data to Gigya, please contact Gigya at email@example.com to have that child’s account terminated and information deleted.
Security. Gigya is committed to protecting the Personal Data you share with us. Gigya uses a combination of industry-standard security technologies, procedures, and organizational measures to help protect your Personal Data from unauthorized access, use or disclosure. Gigya supports online security using secure server technology because we want your data to be safe. We bind our employees and data processors to observe your privacy and confidentiality rights.
B. WHERE GIGYA USES MY PERSONAL DATA BASED ON THE LAW
In the following cases Gigya may process your Personal Data based on a permission under applicable data protection law.
Providing the requested Gigya Services. If you order Services from Gigya, Gigya will use the Personal Data which you enter into the order or registration form (usually (a subset of) your name, (email) address, telephone number, company name and address, your job title/role and, if payment is to be made to Gigya, credit card number or banking details) only to process your order or to provide the requested Service. This may include taking the necessary steps prior to entering into the contract, responding to your related inquiries and providing you with shipping and billing information and to provide customer feedback and support. Gigya may further collect and use conversation data that you may provide via contact forms, e-mails or telephone.
If you participate in tutorials or trainings provided by Gigya, Gigya may also track your learning progress in order to make this information available to you. Furthermore, the use of your Personal Data for the above purposes also includes (i) the provision of support, (ii) processing and verifying of customer feedback, (iii) shipping and billing, and (iv) providing such other information which is required for the business relationship between you and Gigya including responding to your inquiries as follows:
We communicate with users who subscribe to our Services on a regular basis via email, and we may also communicate by phone to resolve customer complaints or investigate suspicious transactions. We may use your email address to confirm your opening of an account, to send you notice of payments, to send you information about changes to our Services, and to send notices and other disclosures as required by law. Generally, users cannot opt out of these communications, which are not marketing related but merely required for the relevant business relationship. With regard to marketing related types of communication (such as emails and phone calls), Gigya will (i) where legally required only provide you with such information after you have granted your opt-in, and (ii) provide you the opportunity to exercise an opt-out choice if you do not want to receive further marketing related types of communication from us, as further described below under “Updates about Gigya’s Services.”
Based on Gigya’s legitimate Interest. Each of the below use cases constitutes a legitimate interest of Gigya to process or use your Personal Data. In case you do not agree with this approach, you may object against Gigya’s processing or use of your Personal Data, as set out in the last paragraph of this subsection.
Compelled disclosure. We may disclose Personal Data if we have a good-faith belief that doing so is required by a subpoena or other judicial or administrative order or otherwise required by law. Additionally, we may disclose Personal Data where we, in good faith, deem it appropriate or necessary to prevent violation of the Gigya Terms of Service, or our other agreements; take precautions against liability; protect the rights, property, or safety of Gigya, any individual, or the general public; maintain and protect the security and integrity of our Services or infrastructure; protect ourselves and our Services from fraudulent, abusive, or unlawful uses; investigate and defend ourselves against third-party claims or allegations.
Export laws. Gigya and its Services (including the technology underlying such Services) are subject to the export laws of various countries, including without limitation, to those of the United States. Pursuant to the applicable export laws, trade sanctions and embargoes issued by these countries, Gigya is required to take measures to prevent entities, organizations and parties listed in government issued sanctioned party lists from accessing certain Services through Gigya’s Website or other delivery channels controlled by Gigya This may include (i) automated checks of any user registration data as set out herein and other information a user provides about her/his identity against applicable sanctioned party lists; (ii) regular repetition of such checks whenever a sanctioned party list is updated or when a user updates her/his information; (iii) blocking of access to Gigya’s Services and systems in case of a potential match; and (iv) contacting a user to confirm her/his identity in case of a potential match.
Participation in Questionnaires and Surveys. Gigya may invite you to participate in questionnaires and surveys. These questionnaires and surveys will be generally designed in a way that they can be answered without any Personal Data. If you include Personal Data in your responses to questionnaires and surveys, Gigya may use such Personal Data to improve its Services.
We may also share aggregated Personal Data with Clients, prospective Clients, partners or the press in order to demonstrate usage of the Service, identify industry and advertising trends, and to generate publicity for the Gigya Services.
Information about Services. Within an existing business relationship between you and Gigya, Gigya may inform you, where permitted in accordance with applicable law, about its Services (including webinars, seminars, or events) which are similar to such Services you have already purchased or used from Gigya Furthermore, where you have attended a webinar, seminar, or event of Gigya or purchased Services from Gigya, Gigya may contact you for feedback regarding the improvement of the relevant webinar, seminar, event, product or service.
C. WHERE GIGYA USES MY PERSONAL DATA BASED ON MY CONSENT
In the following cases Gigya, will only use your Personal Data as further detailed below after you have granted your prior consent into the relevant processing operations. This information matches with the respective consent declarations pertaining to individual processing operations made available here: https://www.gigya.com/preference-center/.
Updates about Gigya’s Services. If you opted in to receive communications from us, Gigya may use your name, email and postal address, telephone number, job title and basic information about your employer (name, address and industry) as well as an interaction profile based on prior interactions with Gigya (prior purchases, participation in webinars, seminars or events or the use of Services) in order to send you updates regarding the Website, and information regarding our offer and Services, including, without, limitation, through social media updates, by email and postal mail. If you no longer want to receive commercial messages, you may withdraw your consent at any time with effect for the future as further described below in subsection “Withdrawal of consent”. You may also indicate your preferences regarding commercial email messages by taking the steps described in such messages.
Personal Data made publicly available. Any Personal Data that you voluntarily choose to display on any publicly available portion of the Website, or on any Service, becomes publicly available and may be collected and used by us or others in accordance with applicable laws.
Forwarding your Personal Data to other SAP companies. Gigya may transfer your Personal Data to the other members of the SAP group (these are currently all SAP, Ariba, SuccessFactors, Hybris, Sybase, Business Objects, Fieldglass, Concur, Multiposting and SeeWhy subgroup companies) for the purpose to inform you about their latest products, service offers, and events. Any such use of information is based on the consent you grant hereunder.
Withdrawal of consent. You may at any time withdraw a consent granted hereunder. In case of withdrawal, Gigya will not process Personal Data subject to this consent any longer unless legally required to do so. In case Gigya is required to retain your Personal Data for legal reasons your Personal Data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of Personal Data by Gigya up to the point in time of your withdrawal. Furthermore, if your use of an Gigya offering requires your prior consent, Gigya will not be (any longer) able to provide the relevant Service, offer, or event to you after your withdrawal. Please direct any such request for withdrawal to firstname.lastname@example.org or write to Gigya at the address set out under “Contact us” above.
Webtracking (Cookies, Web Beacons etc.). Like most web-based services, we automatically receive and record information on our server logs from your browser when you use the Website. We may use a variety of methods, including clear GIFs (also known as “web beacons”) and “cookies”, to collect this information. We use both session and persistent cookies as further described in our Cookies Policy at https://www.gigya.com/privacy-policy/.
On the Website, we may use passively collected data to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the Website; (b) monitor your participation in various sections of the Website; (c) customize our Service to you, including by providing you with recommendations; (c) monitor aggregate website usage metrics such as total number of visitors and pages viewed; and (d) administer, operate, and improve the Website and our other Services and systems, and to provide Services and content that are tailored to you.
To the extent legally required, any such use of information is based on the consent you grant hereunder.
Unless another means to make your choice is listed below, you may furthermore refuse the use of these automated methods, like cookies, by selecting the appropriate settings in your browser. Kindly note that settings in your browser regarding cookies are limited to the particular browser installed on a particular device and that, as a consequence, if you visit the Website with different browsers or different devices, you have to disable cookies in the browsers of all relevant devices. However, kindly further note that if you do this you may not be able to use the full functionality of the Website.
You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information regarding this practice by NAI members and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: www.networkadvertising.org/optout_nonppii.asp (NAI) and www.aboutads.info/choices (DAA).
Opting out of one or more NAI member or DAA member networks (many of which will be the same) only means that those members no longer will deliver targeted content or ads to you. It does not mean you will no longer receive any targeted content or ads on our Website or other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing. Also, if your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your NAI or DAA opt-out may no longer be effective. Additional information is available on NAI’s and DAA’s websites accessible by the above links.
D. CUSTOMER DATA
E. EU, SWITZERLAND AND THE DATA PRIVACY SHIELD FRAMEWORK
Gigya complies with the E.U.- U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data obtained from European Union member countries and Switzerland. Gigya has certified that its processing of Personal Dataa from E.U. member countries and Switzerland is in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability (the “Principles”). You may view our certification here https://www.privacyshield.gov/list. Gigya and its subsidiaries are subject to the investigatory and enforcement authority of the Federal Trade Commission.
Accessing Personal Data. The Privacy Shield Principles provide individuals located in the E.U. and Switzerland whose Personal Data we process with the right to access their Personal Data in order to review, correct, amend or delete information processed under the Principles. E.U. and Swiss individuals who use our Site and would like to access their Personal Data may contact Gigya at email@example.com or at the address set forth in the “Contact Us” section. Additionally, anyone with a registered account on the Gigya Console may, at any time, review, update or correct the Personal Data in their registration profile by logging into their account, clicking on dropdown next to their name in the upper right-hand corner, and clicking to the Account section.
E.U. and Swiss End Users whose personal information we process on behalf of a Gigya Customer (as a data processor) should first contact the Gigya Customer, who is the controller of your Personal Data, to access their Personal Data; Gigya will work with its Customers to provide such visitors to the Customer website the necessary access about what Personal Data is processed.
Transfers to Third Parties. We may transfer Personal Data from the E.U. and Switzerland to third parties. We contractually require third parties to whom we transfer Personal Data to provide the same level of protections as the Principles. Gigya remains responsible for the Personal Data we receive and transfer under Privacy Shield.
In accordance with our legal obligations, we may also transfer, subject to a lawful request, Personal Data to public authorities for law enforcement or national security purposes.
Contacting Us, Complaints and Dispute Resolution. E.U. and Swiss individuals who have questions or complaints about how we process their Personal Data may contact us at firstname.lastname@example.org. We will work to resolve your issue and respond no later than 45 days of receipt.
If you are unable to resolve the issue directly with us, you may file, free of charge, a complaint with our independent dispute resolution provider JAMS, located in the United States. For more information about JAMS dispute resolution process or to file a complaint, please visit https://www.jamsadr.com/eu-us-privacy-shield. E.U. or Swiss individuals may invoke binding arbitration in accordance with the Privacy Shield Framework.