Last updated: January 23, 2020
ON24, Inc. and our subsidiaries (collectively, “ON24,” “our,” “us” or “we”) recognize the importance of privacy. ON24 is committed to protecting the personal information of our clients and prospective clients, as well as other users of our websites and services.
This table provides a summary of the personal information we collect and how we us it, which is further explained below. While the actual information we collect and our use of such personal information varies depending upon the nature of our relationship and interactions, the table below provides a general overview of the categories of personal information we collect and the purposes for which we use such information.
|Categories of Personal Information We Collect||Use of Personal Information|
|Name, contact information and other identifiers: identifiers such as a name, username, account name, address, phone number, email address, online identifier, IP address, or other similar identifiers.||Operating services and Site and providing related support
Responding to requests
Analyzing and improving services, Site and our business
Advertising and marketing
Protecting our legal rights and preventing misuse
Complying with legal obligations
Related to our general business operations
|Customer records: paper and electronic customer records containing personal information, such as name, signature, contact information, and payment information.|
|Protected classifications: characteristics of protected classifications under California or federal law (e.g., such as disability provided by you related to an event registration).|
|Commercial information: such as records of products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.|
|Internet or other electronic network activity information: such as browsing history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.|
|Geolocation data: location information about a particular individual or device.|
|Audio, video and other electronic data: such as call recordings, as well as other audio, electronic, visual, or similar information.|
|Employment information: professional or employment-related information.|
|Profiles and inferences: Inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, behavior or attitudes.|
Individual rights. Please see the Your Choices and Rights section below for a description of the choices we provide and the rights you have regarding your personal information. If you are a California resident, please be sure to review the Additional Information for Individuals in Certain Jurisdictions section below for important information about the categories of personal information we collect and disclose and your rights under California privacy laws.
Introduction and Scope
Personal Information. In this privacy notice, our use of the term “personal information” includes other similar terms under applicable privacy laws—such as “personal data” and “personally identifiable information.” In general, personal information includes any information that identifies, relates to, describes, or is reasonably capable of being associated, or reasonably linked or linkable with a particular individual.
Controller and Responsible Party
For the purposes of the GDPR, ON24, Inc. is the controller of your personal information collected pursuant to this Policy. With respect to any Platform Data, our clients are the data controllers or businesses for their respective Platform Data, and we are a data processor or service provide, as defined under applicable privacy laws.
Information We Collect
The personal information that we collect and process will vary depending upon the circumstances. You do not have to provide us with your personal information to access much of the Site. If you choose not to disclose certain information, you can still visit our Site, but you will not be able to create an account with us, you may be unable to access certain options and services, and we may be unable to fully respond to your inquiries.
Sources of Personal Information. We collect personal information directly from individuals, automatically related to the use of our Site, and in some cases, from third parties (such as social networks, platform providers, payment processors, and operators of certain third party services that we use).
Information Collected Directly. We may collect personal information about you directly from you or from your company. For example, when you fill out a ‘Contact Us’ form, signup for our mailing lists, register for events we host or sponsor, or otherwise provide us information through the Site, we may collect personal information such as:
Information Collected from Third Parties. We may collect personal information about you from third party sources, such as business partners, social media platforms, public sources, joint marketing partners, our resellers (so that we can deliver our Platform and related services) and third parties to whom you have expressed interest in our products and services, as well as information that you shared on social media platforms (subject to the respective platform terms and applicable laws).
Categories of Personal Information We Collect. Certain laws, such as the California Consumer Privacy Act (“CCPA”) requires that we disclose certain information about the categories of personal information that we collect about individuals. While the information we collect varies depending upon the circumstances, such as our interactions with you, we may collect the following categories of personal information (subject to applicable legal requirements and restrictions):
Purposes and Legal Bases of Use
Certain laws, including the EU General Data Protection Regulation (“GDPR”), require that we inform you of the legal bases for our processing of your personal information. Pursuant to the GDPR (and other similar laws), we process personal information for the following legal bases:
In addition, we may process your personal information where necessary to protect the vital interests of any individual.
Purposes for Using Personal Information. The purposes for which we may process personal information will vary depending upon the circumstances In general we use personal information for the purposes set forth below, and where the GDPR or other relevant laws apply, we have set forth the legal bases for such processing in parenthesis (see above for further explanation of our legal bases):
Aggregate, De-identified or Anonymous Data. We also create and use aggregate, anonymous and de-identified data to assess, improve and develop our business, products and services, and for similar research and analytics purposes. This information is not generally subject to the restrictions in this Policy, provided it does not identify and could not be used to identify a particular individual.
Disclosures of Personal Information
In general, we disclose the personal information we collect as follows:
Aggregate, De-identified or Anonymous data. We may share aggregate, anonymous or de-identified data with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
Categories of Personal Information Disclosed. Certain privacy laws (such as the CCPA) require that we disclose the categories of personal information that we may disclose for a business purpose. (Further descriptions of the categories of personal information are provided above, in the Information We Collect section). In general, we may disclose the following categories of personal information in support of our business purposes identified above:
Categories of Personal Information Sold. The CCPA defines a “sale” as disclosing or making available to a third party personal information in exchange for monetary or other valuable consideration. While we do not disclose personal information to third parties in exchange for monetary compensation from such third parties, we do make certain categories of personal information available to third parties, in order to receive certain services or benefits from them (such as when we allow third party tags to collect browsing history and other information on our Site to improve and measure our ad campaigns), including:
Cookies and Similar Devices
Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our services to, among other things, track the activities users of our services, help us manage content, and compile statistics about usage of our services. We and our third party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Log Files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.
ON24 is headquartered in the United States and has operations and service providers in the United States and throughout the world. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions (including the United States, the UK and the European Union, Australia and Singapore) that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.
Privacy Shield: ON24 has certified its adherence to and will comply with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, which can be found at https://www.privacyshield.gov/ (collectively, “Privacy Shield Principles”), with respect to the Platform Data we receive from the European Economic Area and Switzerland. You can review the Privacy Shield Principles, learn more about Privacy Shield, and view our Privacy Shield certification at https://www.privacyshield.gov/. ON24’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
If you are in the European Economic Area, and we process your personal information in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal information, such as putting in place standard contractual clauses approved by the European Commission or another measure that has been approved by the EU Commission as adducing adequate safeguards for the protection of personal information when transferred to a third country. You have a right to obtain details of the mechanism under which your personal information is transferred outside of the EEA; you may request such details by contacting us as set forth in the Contact Us section below.
Protection of Children’s Personal Information
ON24 does not publish content that is targeted at children. The Site is not intended for minors under the age 16. We do not knowingly or specifically collect information about minors under the age of 16. If you believe we have unintentionally collected such information, please notify us as set out in the Contact Us section below.
Wherever your personal information may be held within ON24 or on its behalf, we take reasonable steps to protect the personal information that you share with us from unauthorized access or disclosure, including, without limitation, restricting access to certain portions of our website through access controls, and using firewalls. Regardless of the precautions taken by us, ON24 cannot ensure or warrant the security of any information you transmit to us, and you transmit such information at your own risk. You are responsible for all actions taken with your User ID and password, if any. Therefore, we recommend that you do not disclose your password to anyone. If you lose control of your password, you may lose substantial control over your personally identifiable information and may be subject to legally binding actions taken on your behalf.
Your Choices and Rights
Access, Amend and Correct. If you wish to access personal information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, or to request deletion of your information, please send your request to firstname.lastname@example.org. We will review your request and make reasonable efforts to respond to it as soon as practicable. We may ask you for additional information so that we can confirm your identity.
Direct Marketing. You may always opt-out of direct marketing emails. If you would like to unsubscribe from ON24 email subscriptions or otherwise change your email preferences with ON24, please click here or follow the instructions in any ON24 promotional email that we send to you. We may continue to send you transactional or service-related communications, such as service announcements and administrative messages.
Complaints. We will take steps to try to resolve any complaint you raise regarding our treatment of your personal information. You also have the right to raise a complaint with the privacy regulator in your jurisdiction.
Additional information for certain jurisdictions. We are committed to respecting the privacy rights of individuals under all privacy laws applicable to us. Some privacy and data protection laws require that we provide specific information about individual rights to applicable consumers, which we have set forth at the end of this privacy notice:
As a general rule, we retain your personal information for as long as necessary to fulfill the purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements. In general, for example, we will retain relevant contact information of clients, prospective clients and Site visitors for three years from the date of our last interaction with you and in compliance with our obligations under applicable laws. Our clients instruct us on how long to retain Client Data, which we handle as a data processor. We may retain personal information for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others.
Changes to the Policy
ON24 may update this Policy to reflect new or different privacy practices or to reflect changes in industry standards or legal requirements. Revisions will be posted on our website. This statement of privacy is for the information of our users and does not constitute a contract or modification of any contract. When changes are made to this Policy, ON24 will post a new version of this Policy here. If the changes will materially affect the way we use or disclose your personal information, we will endeavor to notify you in advance of the change, such as by sending a notice to the primary email address associated with your account or by posting a notice on the Site. We encourage you to periodically review this Policy for the latest information on our privacy practices.
ON24 welcomes your comments regarding this Policy. Please feel free to email us at email@example.com or via postal mail at ON24, Attn: Privacy, 50 Beale Street, 8th Floor, San Francisco, CA 94105.
EU Representative. Individuals in the EU may also contact us through our UK office at ON24 Ltd., Attn: Privacy, 6th Floor, 210 Pentonville Road, Kings Cross, London N1 9JY, United Kingdom.
Additional Information for Individuals in Certain Jurisdictions
In this section, we provide information for California residents, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”), which requires that we provide California residents certain specific information about how we handle their personal information, whether collected online or offline. This section does not address or apply to our handling of publicly available information made lawfully available by state or federal governments or other personal information that is subject to an exemption under the CCPA.
California Residents’ Rights. California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.
California residents may make a Request to Know up to twice every 12 months, at no charge. We will respond to verifiable requests received from California residents as required by law.
Submitting Verifiable Requests. Requests to Know and Requests to Delete may be submitted:
We will respond to verifiable requests received from California residents as required by law. For more information about our privacy practices, you may contact us as set forth in the Contact Us section above.
Individuals in the European Union / European Economic Area
This section explains the right that data subjects in the European Union / European Economic Area (“EEA”) have pursuant to the GDPR.
Rights under the GDPR. Individuals in the EEA have the below rights with respect to their personal information.
Submitting a GDPR Request. Please contact us as set out in the Contact Us section above to exercise one of these rights. If we receive any requests from individuals related to the Platform Data, we will forward the request to the relevant clients.