Data Privacy Framework Notice

Commitment to the Data Privacy Framework principles

Medallia, Inc., as well as its subsidiaries Strikedeck, Inc., Zingle, Inc., and Decibel, Inc., comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland (collectively, the “Frameworks”). We have certified to the Department of Commerce that we adhere to the Data Privacy Framework Principles with respect to such information. If there is any conflict between the terms of this notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework, and to view our certification, please visit here.

This notice does not apply to data that we collect about employees of our subsidiaries in the EEA or Switzerland, or to data that we collect from other jurisdictions; we cover the legal requirements for these data transfers using the Standard Contractual Clauses, as well as separate notices.

Data processed

Medallia provides a software-as-a-service platform and related online services to its customers, which are collectively called the Medallia Experience Cloud.

As a data controller, we process personal data of representatives of our clients, potential clients, vendors, service providers, professional advisors, business partners, consultants or other third parties in the EEA and Switzerland (“EEA Business Contacts”) to support our business operations, for example, in the context of sending marketing communications, making sales calls, providing support, invoicing, and collections. From our EEA Business Contacts, we typically collect name, job title, company affiliation and contact information. 

As a data processor, we process personal data of EEA and Swiss individuals on behalf of the clients in the Medallia Experience Cloud (“EEA Customer Data”). Our clients use the Medallia Experience Cloud to process personal data at their discretion, including data pertaining to their own customers and employees. 

The clients who use the Medallia Experience Cloud provide information on how they process their customers’ and employees’ data in their own, separate privacy notices. We support the clients who use the Medallia Experience Cloud as a data processor but do not control these customers’ data processing practices.

Purposes of collection and use

We collect and use personal data of EEA Business Contacts for purposes of providing information about our products and services to our clients, registering our clients for events, communicating with business partners, providing support, billing our clients, and conducting related tasks for legitimate business purposes. With respect to marketing, you may opt out of receiving marketing communications from Medallia.

We collect and use personal data on behalf of the clients of the Medallia Experience Cloud for the purposes of providing those platforms and services to our clients. We may access the data to provide the services, to correct and address technical or service problems, to follow instructions of the Medallia customer (and their customers and employees) who submitted the data, or in response to contractual and legal requirements.

Third parties who may process personal data

Medallia uses a limited number of third party service providers and partners to assist us in providing our products and services to our clients. Medallia maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations.

We may share the personal data of EEA Business Contacts with the providers of our business productivity software (such as email and teleconferencing platforms), consumer relationship management software, marketing and data enhancement software (including marketing communications automation platforms), marketing data analytics software, help desk ticketing software, and billing and collections software in order to enable their respective business functions. If you purchase Medallia products and services through our channel partners, such as distributors and resellers, we may provide the personal data of EEA Business Contacts to such third parties to provide you with information about Medallia’s products and services.

We may share personal data of EEA and Swiss individuals that is collected in the Medallia Experience Cloud (“EEA Customer Data”) with our subsidiaries, affiliates, partners and contractors who provide managed services and support for the platforms and services. We may also share EEA Customer Data with vendors to support our technical operations (including vendors who assist us with visitor analytics, SaaS event logging, and technical support), and provide data storage.

Depending on the technology integrations or features chosen by the clients who purchase the Medallia Experience Cloud, we may also provide EEA Customer Data to partners who provide such integrations or features (including, for example, interactive voice response, SMS, translation integrations, and screen capture features). 

Where we have received your personal data under the Frameworks and subsequently transfer it to a third party agent or service provider for processing, then we remain liable if such third party agent or service provider processes your personal data in a manner inconsistent with the Framework’s principles.

We may also disclose personal data of EEA Business Contacts and EEA Customer Data where we are legally required to disclose (e.g., under statutes, contracts or otherwise), in response to lawful requests by public authorities (including to meet national security or law enforcement requirements), or where the disclosure is permitted by law or the Data Privacy Framework principles and we have a legitimate business interest in such disclosure.

Your right to access, limit use, and limit disclosure

EU, UK and Swiss residents have rights to access, correct and delete their personal data, and to limit use and disclosure of their personal data. Medallia honors these rights by responding to legitimate requests to access, correct, delete, or limit the use or disclosure of personal data sent to [email protected]. Because Medallia has limited ability to access EEA Customer Data, if you send us a request related to EEA Customer Data, please provide the name of the Medallia customer who provided us with or asked us to collect your data. We will refer your request to that customer, and we will support them as needed in responding to your request.

EEA Business Contacts may choose to unsubscribe from marketing communications by following the unsubscribe link contained in each marketing email. For communications from Medallia, Inc., you can also unsubscribe by accessing the preference center by clicking here.

Inquiries and complaints

If you have any questions regarding this notice or if you need to update, change or remove personal data that we control, you can do so by contacting [email protected] or by regular mail addressed to:

Medallia Inc.

Attn: General Counsel

6220 Stoneridge Mall Rd Floor 2

Pleasanton, CA 94588

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, Medallia will cooperate with EU data protection authorities, the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (together, DPAs). Medallia will comply with information and advice provided by the DPAs with respect to such unresolved concerns, and will take appropriate steps to correct Data Privacy Framework compliance issues. Click here for a list of EU DPAs.

Under certain conditions, more fully described on the Data Privacy Framework website at https://www.dataprivacyframework.gov/, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Investigatory and enforcement powers of the FTC

Medallia is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).