Medallia, Inc. recognizes and respects your right to privacy. At Medallia, we want to provide you with information about the collection and use of your personal data. When we collect data, we do so in compliance with this Privacy Policy, which describes how we use and process the data we collect in more detail. This Privacy Policy also describes other important topics relating to information privacy. If you have any questions, please contact us here.
We encourage you to read this Privacy Policy carefully to understand how we handle your Personal Information.
This privacy policy covers the products owned by Medallia or any of its subsidiaries that link to this page. To learn more, click the links below:
Medallia and Customer Data
Types of Information Medallia Collects
Use of Information
Data Retention
Disclosure of Information
Protection of Personal Information
Your Privacy Rights
Transfers of Information
Use of Cookies
Third Party Websites
Medallia and CCPA/CPRA
Changes to Privacy Policy
Contact Us
Medallia’s customers are organizations such as businesses, who use our services to help them understand employee and customer experiences. Medallia’s customers may electronically submit data or information for hosting and processing purposes (“Customer Data”). Medallia does not review, share, distribute or reference any such Customer Data except as provided in the customer’s contract, and if applicable, in the Data Processing Agreement (“DPA”) between Medallia and our customer. Medallia may access Customer Data only for the purpose of providing services, preventing or addressing service or technical problems at our customer’s request in connection with customer support matters, or as may be required by law. A copy of our standard Customer DPA is available here. If you have questions about personal data you have entered into a Medallia service used by one of our customers, or if you want to exercise any of your rights regarding your personal data, our customer contract requires that we redirect your inquiry back to that Medallia customer.
Medallia may transfer Customer Data to partners that help us provide our services. Transfers to third parties are covered by the provisions of our customer and partner agreements. To see a list of our Customer Data related subprocessors, please see here.
Medallia may retain Customer Data collected on behalf of our customers for as long as that customer’s account is active or as needed to provide services, and as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, or as otherwise reasonably necessary for our business purposes.
For information about email survey invitations or other communications sent by Medallia on behalf of one of our customers, including opt-out and data deletion requests, please visit our opt-out FAQ. For general support inquiries, including problems with survey completion and incorrect survey invitations, please visit our survey support portal.
When acting as a data controller with respect to website data, visitor data, and applicant data, we may collect and process any of the following information about you, which we refer to as “Personal Information” throughout this Privacy Policy:
You may give us information about yourself by using the online forms provided on the website or by contacting us by phone, e-mail or other means. This includes, for example, filling in the “Contact Us” form on the website, applying for a position with Medallia, registering for a webinar or event, providing your information to us in order to receive our services, or when participating in our Operational Customer Experience Management Assessment (“OCEM Assessment”).
The information you give us may include email address, name, mailing address, telephone number, company name, company address, geolocation data, credit card information, job title, account information, chat conversations, video submissions, and any updates to information provided to us.
Please note that we need certain types of information so that we can provide services to you. If you do not provide us with such information, or if you ask us to delete it, you may no longer be able to access our services.
Medallia may collect Personal Information when a candidate submits an application for employment, including personal data contained within a resume or curriculum vitae (including names, contact details, employment and education history), and, when applicable, Equal Employment Opportunity information that may be regarded as sensitive information in some countries (e.g., gender, ethnicity, disability status, veteran status). This Personal Information is collectively referred to as applicant data.
If you are an employee at an organization that uses Medallia, we may collect, store and share your contact info, bio (if applicable), and picture (if applicable). This makes it possible for us to keep track of you and return the correct information to you. We also use this to personalize the surveys and feedback requests we send on your behalf. We do this at the direction of your employer, and their own privacy policies are in effect as well. We also collect and store information about how you use the platform.We use this to determine how best to serve you.
We may automatically collect any of the following information each time you visit the website:
Some of the data we collect is anonymous information sent by your browser when you visit our websites, however if/when you identify yourself by filling out a form, some data (such as what pages you view on our websites) will be connected to your personal information.
For more information about our use of cookies and tracking technologies, please see section 9 of this Privacy Policy.
We collect survey information from digital surveys embedded in our website. Medallia can access and use survey feedback you choose to provide to evaluate your impression of and interactions with our website, and to improve your browsing experience. Our survey allows you to provide your name and email address should you be interested in signing up for an event with us, or indicate what brought you to our site, including, for example, recruitment opportunities or product demos. The survey also allows you to take a screenshot of portions of our website that you would like to provide feedback about. This survey collects analytics information such as your IP address and type of web browser or mobile device used in accessing our site. We also allow you to engage with our OCEM Assessment to assess your customer experience preparedness. We collect OCEM Assessment responses to refine our communication with prospective customers. We also use this information to help customers further define their customer experience goals. You may provide additional information within the OCEM Assessment, including, for example, name, email address, employer and title. We use this information to contact you about your OCEM Assessment results and Medallia products and services.
We will receive information about you if:
In some instances, Medallia engages with third party sources to obtain additional information about you. For example, Medallia collects contact information from professional network intelligence companies or industry event providers. Information collected by professional network intelligence companies is publicly available and used by Medallia’s talent acquisition team to determine your interest in employment with Medallia.
Medallia’s website and recruiting efforts are directed to people who are at least 16 years of age or older. In the event that we have inadvertently collected data of an individual who is younger than 16, we will remove this data from our system within a reasonable time period. To make such a request, please contact us here.
We, or third-party data processors acting on our behalf, collect, use and store the Personal Information listed above. We will use your Personal Information in order to deliver your contracted services, in order to comply with applicable laws, where we have obtained your consent, or where it is in the legitimate interests of Medallia to handle your Personal Information. More specifically, we collect, use and store your Personal Information for the following reasons:
We retain Personal Information for as long as you use the services we provide, as long as needed to carry out our legitimate business interests, and then as required to comply with applicable laws. For information about specific retention periods, please contact us here.
We will not sell, hire, lease or rent your Personal Information that we collect to any third party without notifying you and/or obtaining your consent, except as expressly set forth in this section. Where you have given your consent for us to use your information in a particular way, but later change your mind, please contact us as set forth in section 13 of this Privacy Policy in order to revoke such consent.
Medallia may share your Personal Information with any Medallia Group Company, a group that consists of Medallia’s subsidiaries and affiliated entities worldwide.
Any third parties with whom we share your Personal Information are limited (by law and by contract) in their ability to use your Personal Information for any purpose other than to provide services for us. We will always ensure that any third parties with whom we share your Personal Information are subject to privacy and security obligations consistent with this Privacy Policy and applicable laws. We will share your Personal Information with the following categories of third parties:
Service providers that are provided access to Personal Information are evaluated by our vendor risk management program and agree to appropriate security and privacy safeguards when accessing or storing our Personal Information. Service providers are required to enter into Data Processing Agreements with Medallia.
We will also disclose your Personal Information to third parties:
Medallia is committed to taking steps to protect Personal Information you provide to us, including administrative, technical and physical measures to safeguard Personal Information against loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. For more details on Medallia’s security measures, please visit Trust at Medallia.
Subject to the conditions set forth under applicable law, you have the right to request to access, review, correct, update, suppress, restrict or delete Personal Information that you have provided to us. You have the right to request an electronic copy of Personal Information for purposes of transmitting it to another company. You have the right to ask us to not process your Personal Information for marketing purposes. You have the right to not be subject to a significant decision based solely on automated processing, including profiling. You may submit such requests by contacting us here. We will respond to your request in accordance with applicable law. In your request, you must advise what Personal Information you would like to access, review, correct, update, suppress, restrict or delete; or otherwise let us know what limitations you would like to put on our use of your Personal Information. We may need to verify your identity before completing your rights request by, for example, verifying your ownership of the relevant email account. If you are an authorized agent wishing to exercise rights on behalf of a California consumer, please contact us using the same link above.
Please note that we may need to retain certain Personal Information for recordkeeping purposes and/or to complete transactions that you began prior to requesting a change or deletion. In the event your Personal Information is processed on the basis of your consent, you may withdraw consent at any time by contacting us here and specifying the details of your request. However, any withdrawal of consent will not affect the lawfulness of any processing based on consent before it is withdrawn.
If you have previously given us consent to use your Personal Information for marketing purposes and you now wish to withdraw your consent, you may opt out from receiving marketing communications (a) by clicking the “unsubscribe” link at the bottom of our communication with you; or (b) by contacting us here. Please note that opting out may prevent us from providing you with our services or information requested by you.
If you would like to opt out of Customer surveys, please directly contact the Customer you wish to unsubscribe from.
If you are in a jurisdiction with a privacy rights enforcement authority, you may lodge a complaint with that authority in your own state or country of residence, if you consider that the collection and use of your Personal Information infringes this Privacy Policy or applicable law.
Data may be processed by Medallia Group Companies and third parties in countries that have data protection laws different from those applicable to the data subjects. To satisfy adequacy requirements related to this international data transfer (such as those in the UK or EEA), Medallia signs data processing agreements with our customers, partners and vendors that have robust privacy and security terms, including, where appropriate (i.e. if you are in the UK or the EEA), the Standard Contractual Clauses (also known as the “EU Model Clauses”).
Your Personal Information may also be processed by staff operating in the United States or outside the EEA or Switzerland that are working for us, other members of our group or third-party data processors. Such staff may be engaged in, among other things, the provision of our services to you, the processing of transactions and/or the provision of support services. By providing us with your Personal Information you acknowledge and agree to any such transfer, storage and processing.
We will always take steps to ensure that such transfers comply with applicable privacy laws, and we will take all reasonable precautions to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy.
<
A cookie is usually a small piece of data sent from a website and stored in a user’s web browser while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous activity.
Cookies were designed to be reliable ways for websites to remember the activity that a user had taken in the past such as indicating their preferences. We and our third-party partners and providers may also use other, related technologies to collect this information, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “cookies”).
We and our third-party partners and providers may use cookies to automatically collect certain types of usage information when you visit or interact with our email communications, websites and other online services. For example, when you visit Medallia’s website, we collect IP address, browser type, referring/exit pages, operating system, date/time stamp, clickstream data, and other similar information. We may collect analytics data or use third-party analytics tools such as Google Analytics to help us measure usage and activity trends for our online services and better understand our customer base.
We use or may use the data collected through cookies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit our websites and online services; (b) provide and monitor the effectiveness of our websites and online services; (c) monitor online usage and activities of our websites and online services; (d) diagnose errors and problems with our websites and online services; (e) otherwise plan for and enhance our online services; and (f) facilitate the purposes identified in this Privacy Policy.
Cookies, beacons, tags and scripts are used by Medallia and our partners (e.g., marketing partners), affiliates, or analytics or service providers on our website. We and our marketing partners also use the information we collect through cookies to understand your browsing activities, including across unaffiliated third-party sites, so that we can deliver ads and information about products and services that may be of interest to you. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note that when you opt out of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us or on our online services. It means that the online ads that you do see will not be based on your interests.
We use Local Shared Objects (LSOs) to store content information and preferences. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use LSOs such as provided by HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs.
Please note that we link some of the Personal Information we collect through cookies with the other Personal Information that we collect about you and for the purposes described in this Privacy Policy.
If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using our online services, as some features and services on our online services may not work properly. Depending on your device and operating system, you may not be able to delete or block all cookies. In addition, if you want to reject cookies across all your browsers and devices, you will need to do so on each browser on each device you actively use. You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our email and performed certain functions with it.
Some Medallia products use Google Analytics for purposes of improving product performance. For more information on Google Analytics, and how it collects and processes data visit the site “How Google Uses Information From Sites or Apps that Use our Services,” located at https://policies.google.com/technologies/partner-sites.
We support the self-regulatory principles for online behavioral advertising (Principles) published by the Digital Advertising Alliance (DAA). This means that we allow you to exercise choice regarding the collection of information about your online activities over time and across third-party websites for online interest-based advertising purposes. More information about these Principles can be found at www.aboutads.info. If you want to opt out of receiving online interest-based advertisements on your internet browser from advertisers and third parties that participate in the DAA program and perform advertising-related services for us and our partners, please follow the instructions at www.aboutads.info/choices, or http://www.networkadvertising.org/choices/ to place an opt-out cookie on your device indicating that you do not want to receive interest-based advertisements. Opt-out cookies only work on the internet browser and device they are downloaded onto. If you want to opt out of interest-based advertisements across all your browsers and devices, you will need to opt out on each browser on each device you actively use. If you delete cookies on your device generally, you will need to opt out again.
If you want to opt out of receiving online interest-based advertisements on mobile apps, please follow the instructions at http://www.aboutads.info/appchoices.
Please note that when you opt out of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us or on our online services. It means that the online ads that you do see from DAA program participants should not be based on your interests. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs. In addition, third parties may still use cookies to collect information about your use of our online services, including for analytics and fraud prevention as well as any other purpose permitted under the DAA’s Principles.
The website may, from time to time, contain links to other websites operated by third parties. Please note that this Privacy Policy applies solely to the information collected from the website, and we cannot be responsible for Personal Information collected and stored by third parties. If you choose to visit any websites operated by third parties, then their privacy policies would apply, and you should carefully read such third parties’ privacy policies before submitting any Personal Information to those websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites, terms and conditions or policies.
In this section, “business,” “business purpose,” “consumer,” “commercial purpose,” “personal information,” “sale” or “selling,” and “service provider” refer to the definitions in the CCPA.
Medallia has two areas of activity that are related to the CCPA:
Regardless of which area of activity applies to you, Medallia does not sell your personal information.
To be clear, in the previous 12 months we have not sold, rented, released, disclosed, disseminated, made available, transferred, or otherwise communicated a consumer’s personal information to another business or third party for monetary or other valuable consideration. If that changes, we will update this Privacy Policy.
Further, when we provide the Medallia products and services to our clients, we do not:
The CCPA requires that we disclose the categories of personal information we collect about consumers, and the categories of personal information we disclose for a business purpose.
The chart below details where you find information about the categories of personal information that Medallia has collected in the previous 12 months for each activity related to the CCPA.
Activity | Where you can find information |
---|---|
Providing the Medallia products and services to Medallia clients as a “service provider” | The categories of personal information Medallia collects about consumers vary depending on our clients’ implementation and use of our software. For a generalized description of these categories, please see the Medallia Customer DPA located here.
For more information on the types of data collected by a particular Medallia client, refer to the privacy policy or communications of the Medallia client. Our clients’ privacy policies are commonly located in the Medallia survey invitation email (for web-based surveys) or on the client’s web site or mobile application (for in-the-moment surveys). |
Carrying out Medallia’s marketing and recruiting efforts as a “business” | See section 2 (Types of Information Collected) of this Privacy Policy. |
The chart below details where you can find information about the categories of information we disclose for a business purpose in the previous 12 months.
Activity | Where you can find information |
---|---|
Providing the Medallia products and services to Medallia clients as a “service provider” | The categories of personal information Medallia discloses for a business purpose vary depending on the features of our software our clients use, and the servicing and support they have purchased. For a generalized description of these disclosures, please see the Medallia Customer DPA located here.
For more information on the disclosures made to a particular Medallia client, refer to the privacy policy or communications from the Medallia client. Our clients’ privacy policies are commonly located in the Medallia survey invitation email (for web-based surveys) or on the client’s web site or mobile application (for in-the-moment surveys). |
Carrying out Medallia’s marketing and recruiting efforts as a “business” | See section 5 (Disclosure of Information) of this Privacy Policy. |
Your rights under the CCPA include the right to request a copy of the specific personal information collected about you in the 12 months prior to the request, and a business’s data collection practices (including categories of information collected, how information is used, and who it is disclosed to). We will generally refer to these as “access requests”.
In addition, with some exceptions, you can request deletion of the personal information that is collected about you. We will generally refer to these as “deletion requests”.
You have a right not to receive discriminatory treatment for exercising their CCPA rights.
With respect to personal data of consumers collected in Medallia products and services, Medallia’s clients are responsible for fulfilling access and deletion requests. Medallia supports these requests by offering our clients product features, processes and assistance in exporting personal information about individuals. These product features and processes complete the data deletion within 30 days of receiving the request from our client.
With respect to the personal data of consumers collected in Medallia’s marketing and recruiting efforts, we are responsible for fulfilling access and deletion requests.
The chart below details how you can exercise your rights under the CCPA.
Activity | How to exercise your access and deletion rights |
---|---|
Providing the Medallia products and services to Medallia clients as a “service provider” | Please contact the Medallia client identified in the communication you received.
Contact information is commonly located within the communication or in a privacy policy linked from the communication. |
Carrying out Medallia’s marketing and recruiting efforts as a “business” | Please submit a request to our Marketing team here.
In the request, please be as specific as possible in relation to the personal information you wish to access or delete. Once we receive the request, we will review it, and process the request accordingly. If we need additional information to verify your identity, we will let you know. Any identifying information in such requests will be used solely for verification, and to communicate with you. We will respond to the request within 45 days of receipt, or notify you if we require additional time. |
We may update this Privacy Policy from time to time. By continuing to use the services and the website, you agree to the latest version of this Privacy Policy. Any future changes we make to this Privacy Policy will be posted on this page, sent to our clients via email, or shared through other appropriate channels. Please visit this page frequently to check for any updates or changes to this Privacy Policy. If you would like to review an archive of our previous privacy policies, please visit our Privacy Policy Archive.
If you have any questions or comments about Medallia’s Privacy Policy or the practices of this site, if you would like to issue a complaint, or if you have an unresolved privacy and data use concern, we’d like to hear from you. Medallia responds to privacy-related requests in a timely fashion and pursuant to applicable law. To make a privacy-related request or to contact our Data Protection Officer, please contact us through the form found here, by phone at +1 877-392-2794, or by mail at the following address:
Medallia, Inc.
6220 Stoneridge Mall Rd Floor 2
Pleasanton, CA 94588
Attn: Data Protection Officer