European Union Data Subject Rights
EU Residents
If you are a resident of the European Union (“EU”), United Kingdom, Lichtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Pendo will be the controller of your Personal Data processed in connection with your use of the Services. Note that we may also process Personal Data of our customers’ end users in connection with our provision of certain services to customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.
If there are any conflicts between this section and any other provision of this Privacy Policy, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether the following applies to you, contact us at [email protected].
Personal Data We Collect
The “Categories of Personal Data We Collect” section details the Personal Data that we collect from you.
Personal Data Use and Processing Grounds
The “Our Commercial or Business Purposes for Collecting Personal Data” section explains how we use your Personal Data.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.
- Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Use with you, to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data.
- Profile or Contact Data
- Commercial Data
- Device/IP Data
- Web Analytics
- Social Network Data
- Geolocation Data
- Inferences Drawn From Other Personal Data Collected
- Other Identifying Information that You Voluntarily Choose to Provide
- Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties:
- Profile or Contact Data
- Commercial Data
- Device/IP Data
- Web Analytics
- Social Network Data
- Professional or Employment-Related Data
- Geolocation Data
- Inferences Drawn From Other Personal Data Collected
- Other Identifying Information that You Voluntarily Choose to Provide
- We may also de-identify or anonymize Personal Data to further our legitimate interests.
- Examples of these legitimate interests include (as described in more detail above):
- Providing, customizing and improving the Services.
- Marketing the Services.
- Corresponding with you.
- Hiring and managing employees.
- Meeting legal requirements and enforcing legal terms.
- Completing corporate transactions.
- Consent: In some cases, we process Personal Data based on the consent you grant to us at the time we collect such data.
- Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
Sharing Personal Data
The “How We Share Your Personal Data” section above details how we share your Personal Data with third parties.
EU Data Subject Rights
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at [email protected]. In some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law. In those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
- Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
- Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
- Erasure: You can request that we erase some or all of your Personal Data from our systems.
- Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. However, if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
- Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
- Right to File Complaint: You have the right to lodge a complaint about Pendo’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
Transfers of Personal Data
The Services are hosted and operated in the United States (“U.S.”) through Pendo and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Pendo in the U.S. and will be hosted on U.S. servers, and you authorize Pendo to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. If you have questions or concerns regarding your personal data you should contact Pendo’s Data Protection Officer at [email protected].