GENERAL DEFINITIONS: These definitions may vary slightly according to local data privacy laws.
" Agent" means a Third Party that processes Personal Information solely on behalf of and under the instructions of Gartner.
" Associate(s)" refers to any employee of Gartner or its direct or indirect subsidiaries worldwide.
"EEA" refers to the European Economic Area, which covers the countries of the European Union ("EU") as well as additional non EU-countries (currently Iceland, Liechtenstein and Norway).
" Gartner" or the " Company" means Gartner, Inc. and its direct and indirect subsidiaries.
" Gartner User" is any identified or identifiable natural person with whom Gartner conducts its business, including without limitation: clients, prospects, event attendees, registered users, vendors and other individuals.
" Personal Information" is any information relating to an identified or identifiable natural person recorded in any medium (e.g., PDA, computer, paper). It includes information such as name, address, job title, Gartner topics of interest and requested manner of communication (e.g., mail, fax, email, phone, etc.). It also includes certain highly sensitive information about an individual, such as race, religion, gender, sexual orientation, medical/health records, credit card information, dietary requirements, and political beliefs. Additional legal safeguards apply in the case of Sensitive Personal Information (see definition below).
Examples of Personal Information relevant to Gartner business may include:
" Processing" means any operation that is performed on Personal Information, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
" Sensitive Personal Information" is a subset of Personal Information, which due to its sensitive nature has been classified by law or policy as deserving heightened privacy protections. Sensitive Personal Information includes, without limitation: race, ethnicity, medical records. As a rule, Gartner refuses to accept Sensitive Personal Information from third parties, including our clients, since it is rarely necessary for our business.
THE GARTNER PRIVACY PRINCIPLES
Gartner is committed to respecting your privacy rights and protecting the Personal Information you share with us. We protect your Personal Information in accordance with the following Privacy Principles:
1. NOTICE: We notify you when we collect your Personal Information that it will be used to administer our relationship with you and to deliver our superior service- including informing you about Gartner offerings that may be relevant to you.
2. CHOICE: We do not share Personal Information about you outside Gartner unless you give us permission to do so, or when the law requires it. We give you choices related to how we use and share your Personal Information, and we make it easy for you to remove your name from marketing and distribution lists via email or by contacting email@example.com.
5. GLOBAL COMPLIANCE: We endeavor to comply with the applicable data privacy laws in all regions where we conduct business.
Below, we take a closer look at each of the Gartner Privacy Principles enumerated above:
1. NOTICE: We notify you when we collect your Personal Information that it will be used to administer our relationship with you and to deliver superior service; including informing you about Gartner offerings that may be relevant to you.
a. Gartner processes your Personal Information in a reasonable and lawful manner for relevant and appropriate business purposes and retains such Personal Information for no longer than is necessary for the purpose(s) for which it was collected.
b. In keeping with the nature of Gartner's business, Gartner services and benefits are not marketed to minors. Gartner does not knowingly attempt to solicit or receive any Personal Information from children.
c.Gartner collects Personal Information at several different points, including but not limited to the following (in alphabetical order):
Here is what Gartner Users need to know about cookies:
While Gartner Users may block cookies at any time by changing their browser settings, it is important to note that First Party cookies may be necessary in order to identify Gartner Users and ensure they fully access and use the content and features on the Gartner Web sites.
Gartner uses cookie technology to enable registered Gartner Users (i) to move quickly and securely through access-controlled areas of the Gartner Web sites; and (ii) to take advantage of certain useful features on the sites, such as "remember my password."
First and Third party cookies do not store any Gartner User Personal Information on the Gartner Web sites; they are simply identifiers. By continuing to use the Gartner Web sites, Gartner Users consent to the placement of these cookies on their computing device in accordance with the terms above.
2. CHOICE: We do not share personal information about you outside Gartner unless you give us permission to do so or when the law requires it. We give you choices related to how we use and share your Personal Information, and we make it easy for you to remove your name from marketing and distribution lists via email or by contacting firstname.lastname@example.org.
a. Gartner gives each Gartner User the opportunity to opt-out (i) from allowing Gartner to disclose his/her Personal Information to a Third Party unless the disclosure is required by law or is for the fulfillment of a contractual obligation (e.g., employment contract) and (ii) from allowing Gartner to process Personal Information for a purpose other the original purpose for which it was collected or the purpose authorized subsequently by the Gartner User.
b. A “Manage My Preference” or "Unsubscribe" link and other identifying information as required by applicable law, is provided in each electronic communication sent by Gartner (other than those required by law or to administer a current contract) so that the Gartner User may manage their marketing communication preferences to opt-out or otherwise direct the proposed use of their Personal Information.
a. Gartner takes very seriously its obligation to protect and safeguard the Personal Information of Gartner Users and seeks the cooperation of its business partners in furthering this goal.
b. Gartner uses Third-Party service providers (such as mailing & shipping houses and event coordinators, together with other service providers as necessary) to fulfill its contractual obligations to its clients.
c. Where Gartner is required to share Personal Information with Third Parties, such as vendors, Gartner will contractually ensure that such vendor safeguards the Personal Information they are processing to the same degree as Gartner safeguards the Personal Information in its care.
d. When Gartner Users register for a Gartner event, Gartner provides to hotels and facilities hosting the event, and to vendors providing event-related services, only that Gartner User Information necessary to administer the Attendee event experience.
e. Where Gartner has knowledge that a Third Party service provider - or its Agent - is using or sharing Personal Information in a way that is contrary to this Policy, Gartner will take reasonable and timely steps to prevent or stop such processing.
f. Where local law or government authority requires, Gartner will comply with requests to disclose Personal Information of a Gartner User - with notice to the affected Gartner User - where permissible. Many entities receiving Personal Information under these conditions are required to adhere to privacy requirements that govern their handling of the collected Personal Information.
a. Gartner maintains and implements a data security program that includes industry standard administrative, technical, physical, and operational safeguards designed to:
b. The nature and extent of protection will correspond to applicable local laws and regulations.
c. In addition, Gartner provides users of its Web sites with a secure online experience by deploying a variety of security measures to maintain the safety and confidentiality of the Personal Information it collects. For further guidance about data security at Gartner, email email@example.com.
d. All Gartner Associates, Third Party service providers, and other individuals whose responsibilities include the processing (e.g., collection or storage) of Personal Information are trained to safeguard and protect that Personal Information in accordance with this Policy.
e. Gartner has implemented protocols to verify ongoing compliance with this Policy and to enforce penalties against those who violate it. Gartner Users wishing to report a privacy violation, may do so through their designated Gartner Account Representative or by contacting firstname.lastname@example.org.
f. Because Gartner self-certifies annually with the U.S. Department of Commerce as a data controller (i.e., Safe Harbor certification), the U.S. Federal Trade Commission has been empowered to investigate complaints and to obtain redress in all cases of Gartner's noncompliance with this Policy.
g. Gartner cooperates with the European Data Protection Authorities (DPAs) in the regions where it conducts business for the purpose of handling any unresolved local complaints regarding the Gartner User Personal Information it collects through Human Resources.
5. GLOBAL COMPLIANCE: We endeavor to comply with the data privacy laws in all regions where we conduct business.
a. Globally: Gartner aims to comply with the applicable laws and regulations protecting the privacy of Personal Information in the jurisdictions in which Gartner operates. Where appropriate, specific jurisdictions may require supplemental terms to this Policy in order to comply with local laws.
b. Across the European Union and Switzerland: In furtherance of our commitment to privacy, Gartner has certified to the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework, with respect to EEA and Swiss Personal Data processed as part of its Human Resources and Commercial activities. Accordingly, Gartner adheres to the Seven Safe Harbor Privacy Principles and 15 Frequently Asked Questions (FAQs) and Answers, as agreed to by the U.S. Department of Commerce and the European Commission (located at the U.S. Department of Commerce website.)
c. In Australia: The Australian Privacy Principle (APP) Guidelines require that:
(i) Gartner acknowledges in this Policy that we disclose Personal Information of our Australian clients to overseas recipients in the ordinary course of our business. To ensure the receiving jurisdictions treat our clients’ Personal Information with the same degree of care as set forth hereunder, we arrange for them to sign a Gartner Data Transfer Agreement.
d. In the U.S./California: DNT Requirements - California Residents only: Residents of the State of California may request a list of all Third Parties to which the Gartner Web sites have disclosed certain Personal Information (as defined by California law) during the preceding year for those Third Parties’ direct marketing purposes. California Business & Professions Code Section 22575(b) (as amended effective January 1, 2014) provides that California residents are entitled to know how Gartner responds to “Do Not Track” browser settings. Gartner does not currently respond to Do Not Track signals because a uniform technological standard has not yet been developed. Gartner continues to review new technologies and may adopt a standard once one is created.
e. Intra-company Transfers: In addition to Gartner’s Safe Harbor certification, which serves to safeguard the Personal Information of Gartner Users residing in the European Union when it is transferred to Gartner, Inc., Gartner has also arranged for its other non-Safe Harbor certified entities to execute Data Transfer Agreements. The Data Transfer Agreement, which is executed between the local Gartner entity and Gartner, Inc. for those non-EU jurisdictions that require a data transfer agreement for data transfers, contains clauses similar to the Safe Harbor framework, which are intended to safeguard and protect Personal Information when it is transferred outside of the Gartner User’s country of residence.
a. Gartner takes reasonable steps to ensure the Personal Information it has collected is accurate, complete, and current.
b. If a Gartner User desires to access and review the Personal Information Gartner has collected about him/her or if such Personal Information is incorrect, incomplete or has changed, Gartner provides the Gartner User with reasonable opportunity (via their user profiles on the Gartner Web sites) to view/correct/update it at any time.
We thank you for entrusting us with your Personal Information and with your business!
Last Updated: August, 2016