Privacy Policy

Last updated: June 8, 2018

ON24 Online Privacy Policy

Introduction and Scope

ON24, Inc. and our subsidiaries (collectively, “ON24,” “our,” “us” or “we”) recognize the importance of privacy.  This ON24 Online Privacy Policy (this “Policy”) explains how we process information that we collect from users of our website at www.on24.com and the services available on our website (together, the “Site”), as well as from our former, current and prospective clients and other individuals that access the Site, or communicate or engage with us about our products and services.   This Policy should be read in conjunction with the ON24 Terms of Use located on our website, which are incorporated herein by reference. For the purposes of EU data protection law, and unless you are explicitly notified otherwise, ON24, Inc. is the controller of your personal information.

Platform Data: This Policy does not apply to the Platform content or personal information that our clients collect, submit, manage, create, or record via the Platform, or the personal information we collect, access, store, use or otherwise process (collectively, “process”) via the Platform registrants, participants and other end users of client events (the “Platform Data”). Please see the ON24 Platform Privacy Policy for information about our processing of Platform Data and for the definition of “Platform.”  As set out in the ON24 Platform Privacy Policy, ON24 is a processor of the Platform Data; we only use the personal information that we process as part of the Platform Data subject to our agreements with clients and their written instructions, or where otherwise required by law.

Information We Collect  

We collect personal information directly from individuals, from third parties, and also automatically through the use of the Site. You do not have to provide us with your personal information to access much of the Site. However, if you choose not to disclose certain information, you can still visit our website, but you will not be able to create an account with us, and you may be unable to access certain options and services.

Information Collected Directly. We may collect personal information about you directly from you or from your company.   For example, when you fill out a ‘Contact Us’ form, register for an account, signup for our mailing lists, register for events we host or sponsor, register for an account, post comments on the Site, or otherwise provide us information through the Site.

Generally, the information we collect includes your:

  • name, company name, and title/position
  • payment and billing information
  • email address, phone number, mailing address and contact details
  • job title, other company information (such as country and industry sector)
  • contact preferences and interests
  • business affiliations
  • customer (and authorized user) account information (to access various parts of the Platform, and to create events and webinars) – name, email address, telephone number, company name, and other information necessary to confirm that you are an authorized user of a client (where relevant)
  • other information related to your request or inquiry

Automatically-Collected Information. We use cookies, log files, pixel tags, local storage objects, and other tracking technologies to automatically collect information when users access or use the Services or visit the Site, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider (“ISP”), referring/exit URLs, operating system, language, clickstream data, and other information about the links clicked, features used, size of files uploaded, streamed or deleted, and similar device and usage information.  For more information, see the “Cookies and Similar Devices” section below.

Information from Third Parties.  We may receive name, company and business contact details from third parties, such as business partners, our resellers (so that we can deliver our Platform and related services) and third parties to whom you have expressed interest in our products and services, as well as information that you shared on social media platforms (subject to the respective platform terms and applicable laws).

How We Use Your Information

We use your information, including your personal information, primarily to market and provide our services to you. In particular, we may use your information as follows:

  • Providing Support and Services: to provide and operate the Site and services, communicate with you about your use of the Site and our services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes.
  • Responding to Your Requests: for the purpose for which you provided the information to us, such as to respond to your inquiries and to provide information in response to your request.
  • Analytics and Improvement: to better understand how users access and use our services, both on an aggregated and individualized basis, to administer, monitor, and improve our services, for our internal purposes, and for other research and analytical purposes.
  • Personalization: to tailor the content and information that we may send or display to you, to offer location customization (where permitted by applicable law), and to otherwise personalize your experiences while using the Site.
  • Marketing and Promotional Purposes: for example, where permitted by law, we may use your information, such as your email address, phone number, or mailing address to contact you about services or information we think may interest you.  If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages or calls, we will only contact you for direct marketing if you have opted-in.
  • Advertising: to advertise our services on third party sites and social media platforms.
  • Protect Our Legal Rights and Prevent Misuse: to protect our customers, employees or property — for instance, to prevent, detect and investigate fraud, misuse, harassment or other types of unlawful activities, where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of this Policy and our applicable terms of service and agreements.
  • Comply with Legal Obligations:  to comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
  • General Business Operations: where necessary to the administration of our general business, accounting, recordkeeping and legal functions.

We also create and use anonymous and de-identified information to assess, improve and develop our business, products and services, and for similar research and analytics purposes.  This information is not generally subject to the restrictions in this Policy, provided it does not identify and could not be used to identify a particular individual.

Purpose of Processing (see above) Legal Bases of Processing (EU Users)*

Providing Support and Services

Responding to Your Requests

  • Necessary to Enter into or Perform a Contract with You (upon your request, or as necessary to make the Services available)
  • Our Legitimate Business Interests**
Analytics and Improvement
  • Our Legitimate Business Interests**
  • Establish, defend or protect our legal interests
Personalization
  • Our Legitimate Business Interests**

Marketing & Promotional Purposes

Advertising

  • Our Legitimate Business Interests**
  • With Your Consent

Protect Our Rights and Prevent Misuse

Comply with Legal Obligation

  • Compliance with law
  • Establish, defend or protect our legal interests
General Business Operations
  • Our Legitimate Business Interests**
  • Establish, defend or protect our legal interests
  • Compliance with law

* For the personal data from the EU that we process, this column describes the relevant legal bases for such processing under the GDPR (and local implementing laws of EU member states); this does not limit or modify the obligations, rights and requirements under the privacy laws of non-EU jurisdictions.

** For the personal data from the EU, the processing is in our legitimate interests, which are not overridden by your interests and fundamental rights.  Our legitimate interests include assessing and improving our products and services, understanding our clients’ needs and interests so that we can make our services more useful to clients, providing clients with news, information and marketing materials that are more relevant, providing training opportunities for employees, improving how we analyze and assess the success of client campaigns, developing trend and benchmark reports, and similar purposes.

When We Disclose Your Information

We do not sell your personal information to third parties.  In general, we disclose the personal information we collect as follows:

  • Subsidiaries.We may disclose the information we collect from you to our subsidiaries, whose handling of your personal information is subject to this Policy.  A list of our subsidiaries is available here.
  • Service Providers.We may disclose the information we collect from you to third party service providers who perform functions on our behalf. Third party service providers will only process your personal data in accordance with our instructions and will implement adequate security measures to protect your personal data.
  • Enterprise Users. If you use, access or communicate with us about our Platform or related services on behalf of your company (our client), we may share personal information about your access, and your communications or requests, with the relevant enterprise client.
  • In Response to Legal Process.We may disclose the information we collect from you in order to comply with the law, judicial proceedings, a court order, or other legal process, such as in response to a subpoena.
  • To Protect Us and Others.We may disclose the information we collect from you where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of the ON24 Terms of Use or this Policy, to respond to claims asserted against us or, or as evidence in litigation in which we are involved.
  • Business Transfers.We may disclose or transfer information, including personal information, as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted prior to such event where permitted by law.

We may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.

Cookies and Similar Devices

We and our third party service providers use “cookies,” pixels, java script, log files, and other mechanisms on the Site. For more detailed information about the use of cookies on the Site and how you can manage your cookie preferences, you can review our Cookie Policy found here.

Cookies. A “cookie” is a small text file that may be used, for example, to collect information about website activity. Some cookies allow us to make it easier for you to navigate the Site, while others are used to enable a faster log-in process or to allow us to track your activities while using the Site.  Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them.  See our Cookie Policy for more information.

Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities users of our Services, help us manage content, and compile statistics about usage of our Services. We and our third party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Log Files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.

Third-Party Analytics. We also use automated devices and applications, such as Google Analytics (more info here) to evaluate use of our Services. We use these tools to gather non-personal data about users to help us improve our Services and user experiences. These analytics providers may use cookies and other technologies to perform their services and may combine the information they collect about you on the Site with other information they have collected for their own purposes. This Policy does not cover such uses of data by third parties.

Do-Not-Track Signals. The Site does not respond to do-not-track signals. For more information about do-not-track signals, please click here. You may, however, disable certain tracking as discussed above (e.g., by disabling cookies) and set out in our Cookie Policy.

Interest-Based Advertising

We work with third party ad networks, analytics companies, measurement services and others (“third party ad companies”) to manage our advertising on third party sites, mobile apps and online services. We and these third party ad companies may use cookies, pixels tags, and other tools to collect activity information on our Services (as well as on third party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent, your device’s geolocation information; we and these third party ad companies use this information to provide you more relevant ads and content and to evaluate the success of such ads and content.

See our Cookie Policy for information on the third parties that we work with, and how you can opt out of ads from them.  For more information about third party ad networks and to opt out of interest based ads from many ad networks go to:

Canada: www.youradchoices.ca

EU: www.youronlinechoices.eu

U.S.: www.aboutads.info

International Transfers

ON24 is headquartered in the United States and has operations and service providers in the United States and throughout the world. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions (including the United States, the UK and the European Union, Australia and Singapore) that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.

Privacy Shield: ON24 has certified its adherence to and will comply with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, which can be found at https://www.privacyshield.gov/    (collectively, “Privacy Shield Principles”), with respect to the Platform Data we receive from the European Economic Area and Switzerland. You can review the Privacy Shield Principles, learn more about Privacy Shield, and view our Privacy Shield certification at https://www.privacyshield.gov/. ON24’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

If you are in the European Economic Area, and we process your personal information in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal information, such as putting in place standard contractual clauses approved by the European Commission or another measure that has been approved by the EU Commission as adducing adequate safeguards for the protection of personal information when transferred to a third country.   You have a right to obtain details of the mechanism under which your personal information is transferred outside of the EEA; you may request such details by contacting us as set forth in the “Contact us” section below.

Security of Your Personal Information
ON24 has implemented processes in an attempt to protect your personal information from misuse. Your information may be stored and processed in the United States or any other country where ON24, its subsidiaries, or its third party service providers are located.

Control of Your Password(s)
You are responsible for all actions taken with your User ID and password, if any. Therefore, we recommend that you do not disclose your password to anyone. If you lose control of your password, you may lose substantial control over your personally identifiable information and may be subject to legally binding actions taken on your behalf.

Protection of Children’s Personal Information

ON24 does not publish content that is targeted at children. The Site is not intended for minors under the age 16. We do not knowingly or specifically collect information about minors under the age of 16. If you believe we have unintentionally collected such information, please notify us as set out in the “Contact Us” section below.

Security
Wherever your personal information may be held within ON24 or on its behalf, we take reasonable steps to protect the personal information that you share with us from unauthorized access or disclosure, including, without limitation, restricting access to certain portions of our website through access controls, and using firewalls. Regardless of the precautions taken by us, ON24 cannot ensure or warrant the security of any information you transmit to us, and you transmit such information at your own risk.

 

Your Choices and Rights

Access, Amend and Correct. If you wish to access personal information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, or to request deletion of your information, please send your request to dsr@on24.com.  We will review your request and make reasonable efforts to respond to it as soon as practicable. We may ask you for additional information so that we can confirm your identity.

Direct Marketing. You may always opt-out of direct marketing emails. If you would like to unsubscribe from ON24 email subscriptions or otherwise change your email preferences with ON24, please click here or follow the instructions in any ON24 promotional email that we send to you. We may continue to send you transactional or service-related communications, such as service announcements and administrative messages.

Complaints. We will take steps to try to resolve any complaint you raise regarding our treatment of your personal information.  You also have the right to raise a complaint with the privacy regulator in your jurisdiction.

Users in the European Economic Area. Individuals in the EEA have the below rights with respect to their personal information.

  • Access. You can ask us to: confirm whether we are processing your personal data; give you a copy of that data; provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
  • Rectification. You can ask us to rectify inaccurate Information. We may seek to verify the accuracy of the data before rectifying it.
  • Erasure. You can ask us to erase your personal data, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see ‘Objection’ below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
  • Restriction. You can ask us to restrict (i.e. keep but not use) your personal data, but only where: its accuracy is contested (see ‘Rectification’ above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
  • Right to Object. You can ask us to stop processing your personal information, and we will do so (i)  to the extent that we are relying on our legitimate interests to use your personal information, you have the right to object to such use, unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims, and (ii) where we are processing your personal information for direct marketing purposes.
  • Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
  • Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data which is based upon a consent which you have previously provided.

Please contact us as set out in the “Contact Us” section below to exercise one of these rights.  If we receive any requests from individuals related to the Platform Data, we will forward the request to the relevant clients.

Retention

As a general rule, we retain your personal information for as long as necessary to fulfill the purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.  In general, for example, we will retain relevant contact information of clients, prospective clients and Site visitors for three years from the date of our last interaction with you and in compliance with our obligations under applicable laws.  Our clients instruct us on how long to retain Client Data, which we handle as a data processor.  We may retain personal information for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others.

Changes to the Policy

ON24 may update this Policy to reflect new or different privacy practices or to reflect changes in industry standards or legal requirements. Revisions will be posted on our website. This statement of privacy is for the information of our users and does not constitute a contract or modification of any contract. When changes are made to this Policy, ON24 will post a new version of this Policy here. If the changes will materially affect the way we use or disclose your personal information, we will endeavor to notify you in advance of the change, such as by sending a notice to the primary email address associated with your account or by posting a notice on the Site. We encourage you to periodically review this Policy for the latest information on our privacy practices.

Contact Information

ON24 welcomes your comments regarding this Policy. Please feel free to email us at privacy@on24.com or via postal mail at ON24, Attn: Privacy, 50 Beale Street, 8th Floor, San Francisco, CA 94105.

EU Representative.  Individuals in the EU may also contact us through our UK office at ON24 Ltd., Attn: Privacy, 6th Floor, 2 Kingdom Street, London W2 6BD, United Kingdom.

ON24