Overview
LAST REVIEWED AND UPDATED MAY 30, 2018
At Medallia, we want to provide you with information about the collection and use of your personal data. The following privacy notices explain the different ways your personal data is collected and used, and how you can exercise your preferences.
- The Medallia Experience Cloud Privacy Notice addresses the data we collect to provide our software-as-a-service (“SaaS”) platform to our clients.
- The Website Privacy Notice addresses the data we collect from Medallia’s company websites, including medalliastage.wpengine.com, and customer prospects in our marketing efforts.
- The Recruitment Privacy Notice addresses the data we collect in our employee recruiting efforts.
- The Cookies Notice addresses the cookies we use in the Medallia Experience Cloud and on our company websites.
Medallia is certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. For more information see our Notice of Privacy Shield Certification.
About Medallia
Medallia provides SaaS and professional services to other companies (our clients) that enable them to:
- collect customer feedback, primarily through surveys;
- distribute the feedback to employees throughout their organization; and
- analyze the feedback to drive operational changes in their business.
Medallia performs these functions on behalf of our clients. Medallia is not in the business of selling or renting personal data.
How to Contact Us
Questions about Communications from Medallia’s Clients
- For information about email survey invitations or other communications sent by Medallia on behalf of one of our clients, including opt out and data deletion requests please visit our opt-out FAQ.
- For general support inquiries, including problems with survey completion and incorrect survey invitations, please visit our survey support portal.
Changes to our Notices
Updates to our privacy notices will be posted on our home page, sent to our clients via email, or through other appropriate channels. If you want to review our old privacy policy, effective before May 30, 2018, click here.
Our Group Companies
Our privacy notices cover how Medallia, Inc. and its subsidiaries and affiliated entities (collectively, “Group Companies”) handle your personal data. Group Companies are Medallia, Inc., Medallia Australia Pty Ltd, Medallia Canada Inc., MEDACX, S. de R.L. de C.V. (in Mexico), Medallia S.A. (in Argentina), Medallia Limited (in the United Kingdom), Medallia France Sarl, Medallia Digital Ltd. (in Israel), and Medallia GmbH (in Germany).
For additional privacy inquiries
If you have questions about our privacy practices, you can contact us by emailing privacy@medallia.com, or by writing to us at:
Privacy, Medallia, Inc.
575 Market Street Suite 1850, San Francisco, CA 94105
Privacy, Medallia Limited
5th Floor 80 Cheapside London EC2V 6EE
Medallia Experience Cloud Notice
EFFECTIVE DATE MAY 30, 2018 - LAST REVIEWED AND UPDATED MAY 30, 2018
Introduction
This notice addresses the data Medallia collects to provide our SaaS platform and services to our clients. Clients use this platform to collect customer feedback through different channels, including surveys and integrations with other platforms. Medallia also provides reporting applications that allow our clients to view and analyze the collected feedback.
In our privacy notice, we use the following terms:
- “Medallia Experience Cloud” refers to the SaaS platform and provision of professional services we provide to our clients.
- “client” refers to a business to which Medallia provides its services and SaaS platform, such as those listed at https://medalliastage.wpengine.com/customers/;
- “customer” refers to an individual who has had an interaction with a Medallia client and whose feedback is collected through the Medallia Experience Cloud. Customer interactions can span a wide variety, and include purchasing goods or services, contacting customer support, checking in to a hotel or property, and visiting a client’s web page or using its mobile app.
- “respondent” refers to an individual who is prompted to provide feedback to one of Medallia’s clients through the Medallia Experience Cloud.
What Data We Collect and How We Collect It
Medallia’s and our Clients’ Roles in Data Collection. In providing the Medallia Experience Cloud to our clients, Medallia collects data only according to our clients’ instructions. Our clients specify what customers we should contact to provide feedback, when we should contact them (for example, after completing a purchase at a client’s retail store), how we should contact them (for example, email or SMS), how often we should send them reminders to provide feedback, and what questions are asked. Medallia’s clients also decide whether to use inbound or outbound data integrations, and how to use or respond to feedback that is collected.
Medallia enters into agreements with our clients that legally obligate Medallia to protect data we receive or are directed to collect, and use it only to provide the products and services specified by the client. Under many data protection laws, including those in Europe, Medallia is considered a “data processor” to our clients, and our clients are considered “data controllers.” As data controllers, Medallia clients are responsible for complying with laws that may require notice, disclosure or consent related to the transfer of data to Medallia or its use in the Medallia Experience Cloud.
For more information on the types of data collected by a particular Medallia client, refer to the privacy notice or communications of the Medallia client. Our clients’ privacy notices are commonly located in the Medallia survey invitation (for web-based surveys) or on the client’s web site or mobile application (for digital surveys).
Legal Basis for Processing. Medallia clients provide instructions with regard to the upload, collection, transfer, and access of personal data in the Medallia Experience Cloud. As such, Medallia clients determine the legal basis they have for data processing. Medallia clients can use legitimate interest or consent as a legal basis for processing personal data in the Medallia Experience Cloud, although others may apply. For more information, refer to the privacy notice or communications of the Medallia client.
Identity of the Data Controller. As data controllers, Medallia clients are responsible for identifying themselves, where appropriate, in communications sent by the Medallia Experience Cloud. For example, Medallia survey invitations sent by email or SMS should identify the name of the Medallia client who directs us to conduct the survey. If you are having trouble identifying the data controller associated with a particular Medallia survey, please contact Medallia survey support here.
Web-based Surveys. In web-based surveys offered by the Medallia Experience Cloud, customers or employees receive a survey invitation and respond to the survey in a web interface. To send survey invitations Medallia clients can, for example, provide the Medallia Experience Cloud customer names, email addresses, and information about the customers’ interactions with their business (e.g., the name of the client’s store where the customer shopped). In addition, Medallia clients can provide the Medallia Experience Cloud with information that segments customers into groups, such as the type of account the customer holds, the type of product or service purchased, or the whether the customer is enrolled in a loyalty program.
When a respondent navigates to a Medallia web-based survey, Medallia collects the respondent’s IP address, the date and time the respondent accessed the survey, survey responses (typically numerical scores and narrative text responses), how far the user has navigated in the survey, and the type of device and web browser the customer used to access the survey. In some surveys, clients also direct Medallia to collect the geographical location of the customer’s device that is used to access the survey.
Digital Surveys. In these surveys, customers are prompted to respond to a survey within a client’s digital channels, such as a web page or mobile application. Clients can configure these surveys to:
- prompt customers for information such as name, email, a survey score, and a narrative text response to a prompt;
- collect analytics information (such as the customer’s IP address and type of web browser or mobile device);
- collect customer ID (such as the login name or email the customer uses to access the client’s web site or mobile application); and
- allow customers to take a screenshot that captures portions of the client’s web page or mobile application.
Integrations. Clients can integrate other tools, processes or platforms as inbound sources of data for the Medallia Experience Cloud, such as CRM platforms or marketing tools . Medallia clients control what data is stored in the Medallia Experience Cloud from these integrations. For more information, refer to the privacy notice or the communications of the Medallia client.
Clients can also configure the Medallia Experience Cloud as an outbound source of data for other tools, processes, or platforms, such as collaboration tools. Clients and any third parties associated with those tools, processes, or platforms are responsible for managing personal data outside the Medallia Experience Cloud. For example, clients can configure surveys to prompt customers to write reviews on third-party websites. If a customer chooses to submit a review for publication on that third-party site, any information the customer provides on that site is governed by the privacy notice or communications of that site.
Medallia Reporting Applications. Medallia provides clients web-based and mobile applications that are used by employees of Medallia clients to review and analyze customer feedback (referred to as “reporting applications” in this notice). To provide their employees access to these applications, clients can send Medallia employee names, identifiers (e.g., an employee ID), job title or function, and the store or business location they are associated with.
When an employee accesses a Medallia reporting application, Medallia collects the employee’s user name, IP address of the device used to access the reporting application, geographic area associated with the IP address, type of web browser and mobile device, time and date that the reporting application was accessed, and areas of the reporting application that were visited. Employees can also leave notes on feedback records.
Social Media Features and Widgets. Clients can configure surveys to include social media features, such as the Facebook Like button and widgets, such as the “share this” button. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy notice or privacy-specific communications of the company providing them.
Information Medallia Does Not Collect. Unless configured by a client to do so, the Medallia Experience Cloud does not collect sensitive data, such as credit card numbers or government identification numbers, nor does it collect information defined as “sensitive personal data” under EU law, such as race, sexual orientation, or union membership.
How Personal Data is Used
By Medallia and Partners. Medallia uses personal data gathered in the Medallia Experience Cloud to provide the SaaS platform and services for which the client has engaged Medallia.
These uses can include contacting a client’s customers to provide feedback for web-based and digital surveys, providing gathered feedback and assisting the customer in managing data in the Medallia Experience Cloud, and analyzing the data gathered to improve the client’s business.
Medallia Clients. Medallia clients can use personal data collected in the Medallia Experience Cloud to improve their customers’ experiences with their business. Clients can use Medallia’s reporting applications to provide customer feedback to their front line employees, as well as managers and executives. Clients can also perform analysis in customer feedback to prioritize and make operational changes to their business, and use personal data gathered in the Medallia Experience Cloud to send follow-up communications customers.
Who Accesses Personal Data
Medallia Professional Services and Support. When a Medallia client engages Medallia’s professional services teams, Medallia professional services employees in Medallia’s Group Companies can access personal data of that client to perform work associated with tasks described above. If there is a support request, troubleshooting issue, or technical error (e.g., bug or product malfunction) that requires access to personal data, Medallia support and engineering staff in the Group Companies who are needed to address the issue will access that data.
Access to personal data stored in the Medallia Experience Cloud is provided using systems, procedures and controls approved by Medallia’s security team. Access is provided only as long as needed to perform the necessary work.
Third Party Professional Services, Servicing and Support. If permitted by a client, Medallia can use third parties to provide support for respondents and employees. Medallia clients can also provide access to the Medallia Experience Cloud to third party partners to perform systems integration, consulting, market research or servicing. For examples of Medallia’s professional services partners, see https://medalliastage.wpengine.com/partners/.
Medallia Clients. Medallia clients can provide their employees access to the Medallia Experience Cloud so that they can view and analyze gathered feedback. For more information, please contact the appropriate Medallia client.
Third-Party Technology Providers. Medallia transfers personal data as needed to vendors who provide our help desk ticketing software, support our technical operations (including vendors who assist us with web and mobile visitor analytics and SaaS event logging), assist with data transmission (including content delivery networks), and provide data storage. Depending on the technology integrations or features chosen by a Medallia client, we also transfer personal data of our client’s respondents as needed to provide the integrations or features (including, for example, interactive voice response, SMS, machine translation, or screen capture features).
Third parties that are provided access to personal data in the Medallia Experience Cloud are evaluated by TAG’s vendor risk management program and agree to appropriate security and data processing agreements with them.
Security. Medallia maintains a comprehensive security program with appropriate organizational and technical security practices measures to protect data stored in the Medallia Experience Cloud. For more details, visit https://medalliastage.wpengine.com/security/.
Storage Period. The data of a Medallia client is retained in the Medallia Experience Cloud until the termination of the client’s subscription, unless earlier deleted or modified per the client’s request.
Data Subject Rights (for EEA individuals). The Medallia Experience Cloud provides clients tools and processes for data modification, export, or deletion. If you are a respondent who wants to modify, access, or delete personal data associated with you in the Medallia Experience Cloud, please contact the appropriate Medallia client.
Opt Out and Withdrawal of Consent. Medallia offers its clients opt-out mechanisms to include in communications to individuals. Respondents who exercise an opt-out will be added to Medallia’s opt-out list for the relevant client as required by applicable law. For each client, Medallia does not send survey invitations to any e-mail address on the applicable opt-out list. Medallia may also provide its opt-out lists to clients and their agents on a timely basis so that they may, where appropriate, update their records. If you are a respondent who wishes to withdraw your consent from all data processing by a particular Medallia client, please contact the client.
International Data Transfer and Adequacy Laws
Personal data of data subjects can be processed by Medallia Group Companies or third parties in countries that have data protection laws different from those applicable to the data subjects. To satisfy adequacy requirements related to this international data transfer (such as those in the EEA):
- Medallia signs data processing agreements with our vendors and clients that have robust privacy and security terms, including, where appropriate, the Standard Contractual Clauses. If you are a Medallia client and would like to obtain a copy of our data processing agreement, contact your Medallia engagement representative.
- Medallia is certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as listed here. Under these frameworks, we handle personal data of EEA and Swiss individuals collected through the Medallia Experience Cloud to standard principles. Medallia’s Notice of Privacy Shield Certification describes our compliance with these frameworks.
Disclosure of Data for Legal Obligations. Medallia will provide data discussed in this notice to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend Medallia’s legal rights, or (iii) to protect the vital interests of our clients and their employees and respondents, or those of any other person. When requested by legal authorities to disclose personal information, Medallia will inform the court of various factors justifying confidentiality and respondent anonymity. Medallia will communicate with the affected client or individual as soon as possible, unless prohibited by law or court order.
Disclosure of Data for Merger, Acquisition or Sale. If Medallia is involved in a merger, acquisition or sale of all or a portion of its assets, Medallia may transfer data discussed in this notice to the buyer or new parent company. In this circumstance, the appropriate individuals will be notified about the change in ownership and use of their personal data, as well as any choices they may have regarding personal data.
Collection of Personal Data of Minors.
Medallia clients can use the Medallia Experience Cloud to gather feedback from individuals under 16. Such clients are responsible for complying with any applicable laws that require notice, disclosure or consent to individuals under 16.
For more information, refer to the privacy notice or privacy-specific communications of the Medallia client.
Complaints. You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area are available here. Contact details for the Federal Trade Commission are available here.
Website Notice
EFFECTIVE DATE MAY 30, 2018 - LAST REVIEWED AND UPDATED MAY 30, 2018
Introduction
This notice addresses the data we collect through Medallia’s company websites, including medalliastage.wpengine.com. Medallia uses this data for marketing purposes, including contacting prospective clients and understanding the ways users interact with our website.
Identity of the Data Controller
Medallia is the data controller for the marketing and website analytics data we collect. If you have additional questions about our practices as a data controller or if you would like to issue a complaint, you may contact us at privacy@medallia.com or by mail at the following addresses:
Privacy, Medallia, Inc.
575 Market Street Suite 1850, San Francisco, CA 94105
Privacy, Medallia Limited
5th Floor 80 Cheapside London EC2V 6EE
Marketing
What Data We Collect. Medallia collects data for its marketing efforts, including, information you voluntarily provide us, information we automatically collect from you, and information we obtain from third party sources (collectively, “Marketing Data”).
Information We Collect Voluntarily
Medallia collects information you submit through our website when signing up to receive information about our product, services, and industry, participating in our Operational Customer Experience Management Assessment (“OCEM Assessment”), or when registering for an event. The information you provide may include, for example, first and last name, email address, physical address, phone number, employer and employment title. We use this information to provide you with information that you might be interested in about our products, services and industry, share results related to your OCEM Assessment, and register you for events.
Information We Collect Automatically
In order to improve the Medallia website and understand how users are engaging with it, Medallia also collects information by using tracking technologies. This includes IP address, geolocation, time of website access, unique device ID, web browser and device information. For more information about our use of cookies and tracking technologies you may access our Cookies Notice by clicking here.
Information We Obtain from Third Party Sources
In some instances, Medallia engages with third party sources to obtain additional information about you. For example, Medallia collects business contact information from Medallia partners, industry event providers, or business intelligence providers. Information collected by business intelligence providers is publicly available and used by Medallia marketing and sales teams to determine your company’s interest in Medallia’s products and services. You may opt out of these communications at any time by clicking the “unsubscribe” link in the email correspondence or by accessing our Preference Center here.
How We Use Personal Data.
Marketing Outreach and Communication. Medallia uses Marketing Data to communicate with you for the purpose of providing you with information about Medallia products and services. We may also inform you about Medallia resources, news and updates, webinars, events, CEM certification courses, conferences, and information related to our blog. We provide this information to you via several channels, including, for example, direct mail and email communication, phone or SMS communication, event registration, onsite experience programs, ad targeting and retargeting efforts and website feedback surveys. Medallia also uses Marketing Data to understand the ways in which you access our website and to analyze trends related to usage. Medallia may analyze usage to evaluate our marketing effectiveness and retool portions of the site to provide a more convenient experience to you.
Website Feedback Survey and OCEM Assessment. We collect survey information from digital surveys embedded in our website. Medallia’s marketing team can access and use survey feedback you choose to provide to evaluate your impression of and interactions with our website, and improve your browsing experience. Our survey allows you to provide your name and email address should you be interested in signing up for an event with us, or indicate what brought you to our site, including, for example, recruitment opportunities or product demos. The survey also allows you to take a screenshot of portions of our website that you would like to provide feedback about. This survey collects analytics information such as your IP address and type of web browser or mobile device used in accessing our site. We also allow you to engage with our OCEM Assessment to assess your customer experience preparedness. Our marketing and sales teams collect OCEM Assessment responses to refine our communication with prospective customers. We also use this information to help customers further define their customer experience goals. You may provide additional information within the OCEM Assessment, including, for example, name, email address, employer and title. We use this information to contact you about your OCEM Assessment results and Medallia products and services.
Legal Basis for Processing. In all instances, Medallia processes Marketing Data only to the extent that it has a legal basis to do so. Generally, we rely on either a legitimate interest or consent to process Marketing Data. For more information about the legal basis for each of our processing activities contact privacy@medallia.com.
Who Accesses Personal Data.
Medallia Marketing and Sales Professionals. Medallia marketing and sales teams in Medallia’s Group Companies can access Marketing Data for the purposes described above.
Third-Party Service Providers. Medallia may share
Marketing Data with third parties to (1) facilitate our communication with you; (2) providing analytics of Marketing Data and support Marketing operations; (3) assist with event registration; (4) tailor your advertisement experience. Service providers that are provided access to Marketing Data are evaluated by our vendor risk management program and agree to appropriate security and privacy safeguards when accessing or storing Marketing Data. Service providers are required to enter into data processing agreements with Medallia. The majority of service providers are located in the United States, with some providers located internationally.
Medallia also uses web analytics services, which include Google Analytics. Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies and similar technologies to analyze how users use our website. The information generated about usage (including your shortened IP address) is transmitted to Google. This information is used to evaluate visitors’ use of the Medallia website, compile statistical reports on Medallia website activity, and provide other services related to the Medallia website. Google may also collect information about our visitors’ use of other websites. You may opt out of Google Analytics or access additional information about the service by clicking here.
Security. We maintain a comprehensive security program with appropriate organizational and technical security practices measures to protect data we collect. For more details, visit https://medalliastage.wpengine.com/security/.
Storage Period. Medallia maintains Marketing Data for the period of time necessary to carry out our legitimate business interests. For information about specific retention periods, please contact us at privacy@medallia.com.
Data Subject Access Requests. If you are a resident of the EEA you have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us at privacy@medallia.com.
- You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
- If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA are available here.
Opt Out and Preference Center. Medallia offers opt-out mechanisms for marketing communications. If you exercise your right to opt out of marketing communications, you will be added to Medallia’s opt-out list as required by applicable law. Medallia does not send marketing communications to any e-mail address on the applicable opt-out list. If you wish to withdraw your consent from receiving marketing communication, you may opt out from receiving marketing communications by accessing our Preference Center here or by clicking the “unsubscribe” link at the bottom of our communication with you. In the Preference Center, you may also tailor the type of information we provide you.
International Data Transfer and Adequacy Laws
Marketing Data is processed by Medallia Group Companies and third parties in countries that have data protection laws different from those applicable to the data subjects. To satisfy adequacy requirements related to this international data transfer (such as those in the EU):
- Medallia signs data processing agreements with our vendors that have robust privacy and security terms, including, where appropriate, the Standard Contractual Clauses.
- Medallia is certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as listed here. Under these frameworks, we handle personal data of EEA and Swiss individuals collected through our marketing activities according to standard principles. Medallia’s Notice of Privacy Shield Certification describes our compliance with these frameworks.
Disclosure of Data for Legal Obligations. Medallia will provide data discussed in this notice to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend Medallia’s legal rights, or (iii) to protect the vital interests of our clients and their employees and respondents, or those of any other person. When requested by legal authorities to disclose personal information, Medallia will inform the court of various factors justifying confidentiality and respondent anonymity. Medallia will communicate with the affected client or individual as soon as possible, unless prohibited by law or court order.
Disclosure of Data for Merger, Acquisition or Sale. If Medallia is involved in a merger, acquisition or sale of all or a portion of its assets, Medallia may transfer data discussed in this notice to the buyer or new parent company. In this circumstance, the appropriate individuals will be notified about the change in ownership and use of their personal data, as well as any choices they may have regarding personal data.
Collection of Personal Data of Minors. Medallia’s website is directed to people who are at least 16 years of age or older. In the event that we have inadvertently collected data of an individual who is younger than 16, we will remove this data from our system within a reasonable time period. To make such a request, please contact privacy@medallia.com.
Privacy Contact. If you have any questions or comments about this privacy notice or the practices of this site, or unresolved privacy and data use concerns, please contact Medallia by e-mailing privacy@medallia.com, faxing (650) 321-3156, calling (650) 321-3000, or writing Attention: Privacy, Medallia, Inc.,575 Market Street Suite 1850, San Francisco, CA 94105. Medallia responds to non-frivolous privacy-related requests in a timely fashion, not to exceed ten (10) business days.
Recruitment Notice
EFFECTIVE DATE MAY 30, 2018 - LAST REVIEWED AND UPDATED MAY 30, 2018
Introduction
This notice addresses the data we collect through during the Medallia job application process. Medallia uses this data for recruitment purposes, including contacting potential job candidates, enhancing the job application process, and assisting with the interview experience.
Recruitment
What Data We Collect. Medallia collects data for its recruitment efforts, including, information you voluntarily provide us and information that we obtain from third party sources (collectively, “Candidate Data”).
Information We Collect Voluntarily. When a candidate submits an application for employment, Medallia may collect personal information, such as personal data contained within a resume or curriculum vitae (including names, contact details, employment and education history), and, when applicable, Equal Employment Opportunity information that may be regarded as sensitive information in some countries (e.g., gender, ethnicity, disability status, veteran status).
Information We Obtain from Third Party Sources. In some instances, Medallia engages with third party sources to obtain additional information about you. For example, Medallia collects contact information from professional network intelligence companies or industry event providers. Information collected by professional network intelligence companies is publicly available and used by Medallia’s talent acquisition team to determine your company’s interest in employment with Medallia.
How We Use Personal Data.
Medallia uses Candidate Data to communicate with you for the purpose of providing you with information about Medallia career opportunities. Medallia also uses Candidate Data to process applications for employment, assist with the interview experience and, in some cases, supplement the employment onboarding process. Medallia may use aggregate Candidate Data to track its diversity and inclusion efforts to meet its applicable legal requirements.
Legal Basis for Processing. In all instances, Medallia processes Candidate Data only to the extent that it has a legal basis to do so. Generally, we rely on either a legitimate interest or consent to process Marketing Data. For more information about the legal basis for each of our processing activities contact privacy@medallia.com.
Who Accesses Personal Data.
Medallia Teams. Medallia talent acquisition, human resources, and hiring teams in Medallia’s Group Companies can access Candidate Data for the purposes described above.
Third-Party Service Providers. Medallia may share your information with third parties to (1) facilitate the hiring process; (2) if applicable, conduct background checks; (3) host your data in a centralized location; (4) track diversity and inclusion efforts. Service providers that are provided access to Candidate Data are evaluated by our vendor risk management program and agree to appropriate security and privacy safeguards when accessing or storing our Candidate Data. Service providers are required to enter into data processing agreements with Medallia. The majority of our service providers are located in the United States, with some providers located internationally.
Security. We maintain a comprehensive security program with appropriate organizational and technical security practices measures to protect data we collect. For more details, visit https://medalliastage.wpengine.com/security/.
Storage Period. Medallia maintains Candidate Data for the period of time necessary to carry out our legitimate business interests. For information about specific retention periods, please contact us at privacy@medallia.com
Data Subject Access Requests. If you are a resident of the EEA you have the following data protection rights:
- If you wish to access, correct, update or request deletion of your Personal Information, you can do so at any time by contacting us at privacy@medallia.com.
- You can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information.
- If we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your Personal Information. Contact details for data protection authorities in the EEA are available here.
Opt Out. When you apply for a job with us, Medallia provides you with the opportunity to receive regular correspondence from us about career opportunities that we believe you might be interested in. From time to time, we may confirm that we may still contact you for these purposes. You may request to opt out from these email communications at any time. If you have any additional questions or concerns about this correspondence, please contact privacy@medallia.com.
International Data Transfer and Adequacy Laws
Marketing Data is processed by Medallia Group Companies and third parties in countries that have data protection laws different from those applicable to the data subjects. To satisfy adequacy requirements related to this international data transfer (such as those in the EU), Medallia signs data processing agreements with our vendors and clients that have robust privacy and security terms, including, where appropriate, the Standard Contractual Clauses.
Disclosure of Data for Legal Obligations. Medallia will provide data discussed in this notice to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend Medallia’s legal rights, or (iii) to protect the vital interests of our clients and their employees and respondents, or those of any other person. When requested by legal authorities to disclose personal information, Medallia will inform the court of various factors justifying confidentiality and respondent anonymity. Medallia will communicate with the affected individual as soon as possible, unless prohibited by law or court order.
Disclosure of Data for Merger, Acquisition or Sale. If Medallia is involved in a merger, acquisition or sale of all or a portion of its assets, Medallia may transfer data discussed in this notice to the buyer or new parent company. In this circumstance, the appropriate individuals will be notified about the change in ownership and use of their personal data, as well as any choices they may have regarding personal data.
Collection of Personal Data of Minors. Medallia’s website and recruiting efforts are directed to people who are at least 16 years of age or older. In the event that we have inadvertently collected data of an individual who is younger than 16, we will remove this data from our system within a reasonable time period. To make such a request, please contact privacy@medallia.com.
Privacy Contact. If you have any questions or comments about this privacy notice or the practices of this site, or unresolved privacy and data use concerns, please contact Medallia by e-mailing privacy@medallia.com, faxing (650) 321-3156, calling (650) 321-3000, or writing Attention: Privacy, Medallia, Inc.,575 Market Street Suite 1850, San Francisco, CA 94105. Medallia responds to non-frivolous privacy-related requests in a timely fashion, not to exceed ten (10) business days.
Cookies Notice
EFFECTIVE DATE APRIL 30, 2019 - LAST REVIEWED AND UPDATED APRIL 30, 2019
Medallia uses cookies on our corporate websites and in the Medallia Experience Cloud.
In our cookies notice, we use the following terms:
- “Medallia Experience Cloud” refers to the SaaS platform and provision of professional services we provide to our clients.
- “respondent” refers to an individual who is prompted to provide feedback to one of Medallia’s clients through the Medallia Experience Cloud.
What is a Cookie?
A cookie is a text file which can be sent from a website and stored in a user’s web browser while a user is browsing that website. When the user browses the same website or another website that recognizes that cookie in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous activity.
Cookies fulfill many different tasks, as for example letting you navigate between pages efficiently or remembering your preferences. They can also help to ensure that online-advertisements are more relevant to you with regard to your interests.
Medallia Corporate Websites
Cookies are placed on the computer of a visitor to Medallia’s corporate websites. These cookies enhance the visitor’s experience on these websites, for example to complete forms, identify returning visitors and offer related content. Cookies are also used in combination with beacons, tags and scripts on our website by Medallia and its partners to facilitate our communication with site visitors, support marketing operations and targeted advertising, tailor a visitor’s advertisement experience, analyze trends, administer the site, or understand how visitors engage with Medallia’s corporate websites.
As is true of most websites, Medallia gathers certain information automatically from visitors and store it in log files. When you visit Medallia’s website, we collect internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
In order to improve services we offer you, to improve marketing, analytics, or site functionality, we may combine this automatically collected log information with Marketing Data.
Cookies, beacons, tags and scripts are used by Medallia and our partners (e.g., marketing partners), affiliates, or analytics or service providers on our website. These technologies are used by Medallia’s marketing team in facilitating our communication with site visitors, supporting marketing operations, tailoring a visitor’s advertisement experience, analyzing trends, administering the site, or tracking users’ movements around the site. We receive reports based on the use of these technologies by these companies.
Categories of Cookies and Management Settings
The following describes the categories of cookies Medallia uses on our corporate websites and your options for managing them:
Category | Description | Managing Settings |
Required cookies | These cookies are essential for operating Medallia’s corporate websites. They assist in the display and navigation of the site, and provide security. | Because required cookies are essential to the operation of our corporate website, the ability to opt out of these cookies is limited. Management of these cookies may be enabled on your browser via individual browser settings. |
Functional cookies | These cookies allow Medallia to remember the information you have entered or choices you have made when you visit our corporate websites, and are used to provide personalized features, such as remembering your preferences for displaying video content. | You can manage the placement of functional cookies on your browser via your individual browser settings. Opting out of functional cookies may impact the functionality of Medallia’s corporate websites and degrade your experience. You can visit http://www.aboutcookies.org for detailed guidance. |
Performance and analytics cookies | These cookies record information about your visit to our corporate websites (such as which portions of the website you have visited and how fast pages have loaded). Medallia uses this information to improve how our corporate websites function. | You can manage the placement of these cookies the same as functional cookies. You can visit http://www.aboutcookies.org for detailed guidance. |
Advertising cookies | Medallia uses cookies on our corporate website to show you relevant advertising outside of our site. Cookies may also be used to learn whether a visitor to our corporate website later saw an ad and took an action (e.g., downloaded a white paper) from our site.
Our partners may use a cookie to determine whether we’ve shown an ad to you outside of Medallia’s corporate website and how it performed, or provide us with information about how you interacted with ads. We may also work with partners to show you an ad off of our corporate website. |
See the cookie table below for our corporate website to learn more about how to opt out of data collection by third party advertising networks. |
Cookie Table
The cookie tables below list some of the cookies used on our corporate website, and opt-out information (if applicable).
Medallia Experience Cloud
Cookies are placed on a respondent’s computer when they visit web-based surveys navigated to from an invitation sent by the Medallia Experience Cloud, when a respondent visits the domain of one of our clients that has enabled Medallia’s digital surveys, or when an employee of a Medallia client logs on to a reporting application. These cookies enable Medallia to remember a user’s preferences (such as language), ensure the security and integrity of client data, improve our products, and personalize a respondent’s survey experience. In addition, these cookies enable a Medallia client to identify a user across different browsers or devices that access a client’s web domain, record information about the browsing session on the domain, and to customize surveys presented to the user on that domain based on that information and additional rules.
The Medallia Experience Cloud does not place cookies on a user’s computer for advertising purposes.
Categories of Cookies and Management Settings
The following describes the categories of cookies used by the Medallia Experience Cloud and your options for managing them:
Category | Description | Managing Settings |
Required cookies | These cookies are essential for operating the Medallia Experience Cloud. They assist in navigation of surveys and reporting applications, ensure the security and integrity of Medallia’s and its clients’ data, and provide access to restricted content. | Because required cookies are essential to the operation of the Medallia Experience Cloud, the ability to opt out of these cookies is limited. Management of these cookies may be enabled on your browser via individual browser settings. |
Functional cookies | These cookies allow Medallia to remember a user’s information or choices, and provide personalized features (such as the choice of language in a survey). | You can manage the placement of functional cookies on your browser via your individual browser settings. Opting out of functional cookies may impact the functionality of Medallia’s surveys or reporting application and degrade your experience. You can visit http://www.aboutcookies.org for detailed guidance. |
Performance and analytics cookies | These cookies record information about the use of a survey or reporting application (such as how fast a survey loads or which modules within a reporting application a user interacts with). Medallia uses this information to improve how the surveys and reporting applications function. Medallia’s clients also use information collected from these cookies to improve a respondent’s survey experience (such as causing a survey on their domain to be presented only when certain conditions are met). | You can manage the placement of these cookies the same as functional cookies. You can visit http://www.aboutcookies.org for detailed guidance. |
Cookie Table
The cookie tables below list some of the cookies used by the Medallia Experience Cloud, and opt-out information (if applicable).
Web-based surveys