Home

Global Policies

Gartner Global Privacy Policy

INTRODUCTION

  • The Gartner (“Gartner” or the “Company”) brand is synonymous with trust. 
  • We pride ourselves on our reputation for providing objective and unparalleled insight and advice to the marketplace.
  • When our clients, prospects, registered users and vendors entrust us with their personally identifiable information (“Personal Information”), they expect that we will protect that information with the same level of care we do our own. Doing so is fundamental to our business success.
  • We developed this Gartner Global Privacy Policy (the “Policy”) to define and document for our clients, prospects, registered users and vendors the various ways that we safeguard and balance their privacy rights with our legitimate business needs to collect, maintain, and communicate information.

SCOPE

  • This Policy applies to Gartner and any entities doing business under the Gartner name worldwide, which collect, process and/or store Client Personal Information.
  • Gartner aims to comply with the applicable laws and regulations protecting the privacy of Personal Information in the jurisdictions in which the Company operates. Where appropriate, laws within specific jurisdictions may require supplemental terms to comply with local laws.
  • In furtherance of its commitment to privacy, Gartner has certified to the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework, with respect to EEA and Swiss personal data processed as part of our commercial, procurement, and human resources activities. Accordingly, Gartner adheres to the Safe Harbor Seven Privacy Principles and 15 Frequently Asked Questions and Answers (FAQs), as agreed to by the U.S. Department of Commerce and the European Commission (located at the U.S. Department of Commerce website).
  • Gartner may amend this Policy from time to time, should it become necessary or advisable to do so.

GENERAL DEFINITIONS: These definitions may vary slightly according to local data privacy laws.

" Agent" means a Third Party that processes Personal Information solely on behalf of and under the instructions of Gartner.

" Associate(s)" refers to any employee of Gartner or its direct or indirect subsidiaries worldwide.
"EEA" refers to the European Economic Area, which covers the countries of the European Union ("EU") as well as additional non EU-countries (currently Iceland, Liechtenstein and Norway).

" Gartner" or the " Company" means Gartner, Inc. and its direct and indirect subsidiaries.

" Gartner User" is any identified or identifiable natural person with whom Gartner conducts its business, including without limitation: clients, prospects, event attendees, registered users, vendors and other individuals.

" Personal Information" is any information relating to an identified or identifiable natural person recorded in any medium (e.g., PDA, computer, paper). It includes information such as name, address, job title, Gartner topics of interest and requested manner of communication (e.g., mail, fax, email, phone, etc.). It also includes certain highly sensitive information about an individual, such as race, religion, gender, sexual orientation, medical/health records, credit card information, dietary requirements, and political beliefs. Additional legal safeguards apply in the case of Sensitive Personal Information (see definition below).

Examples of Personal Information relevant to Gartner business may include:

  • Client or Prospect Information: Name, email address, business address, employer/ company-related information, website registration, subject matter preference information. This information may be found on marketing/mailing/contact lists (e.g., in contacts function of MS Outlook or on a PDA), in corporate data bases, on spreadsheets.
  • Event Attendee and/or Sponsor Information: Name, email address, business address, employer/ company-related information, credit card information (in rare instances). This information may be found on registration forms/profiles, attendee lists, business cards, photos, video clips, online streaming. 
  • Sales Order Fulfillment Information: Name, email address, business address, employer/ company-related information.  This information may be found on Sales Order Forms, Inquiry records (e.g., webGAMEC).
  • Third Party Service Provider Information: Name, email address, business address, employer/company-related information. This information may be found in corporate databases.

" Processing" means any operation that is performed on Personal Information, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

" Sensitive Personal Information" is a subset of Personal Information, which due to its sensitive nature has been classified by law or policy as deserving heightened privacy protections. Sensitive Personal Information includes, without limitation: race, ethnicity, medical records. As a rule, Gartner refuses to accept Sensitive Personal Information from third parties, including our clients, since it is rarely necessary for our business.   

" Third Party" or “ Third Party Service Provider” is any natural or legal person, public authority, agency or other body apart from the Gartner User that processes Personal Information solely on behalf of and under the instructions of Gartner. All such Third Parties agree to collect, safeguard and use the Personal Information in accordance with the terms of the Gartner Privacy Policy and applicable data privacy laws.

THE GARTNER PRIVACY PRINCIPLES

Gartner is committed to respecting your privacy rights and protecting the Personal Information you share with us. We protect your Personal Information in accordance with the following Privacy Principles:

1. NOTICE: We notify you when we collect your Personal Information that it will be used to administer our relationship with you and to deliver our superior service- including informing you about Gartner offerings that may be relevant to you.

2. CHOICE: We do not share Personal Information about you outside Gartner unless you give us permission to do so, or when the law requires it. We give you choices related to how we use and share your Personal Information, and we make it easy for you to remove your name from marketing and distribution lists via email or by contacting  privacy@gartner.com.

3. ONWARD TRANSFER: We insist that the vendors we hire to provide support services to Gartner adhere to our Privacy Policy and Principles as well as applicable data privacy laws.

4. SECURITY & ENFORCEMENT: We safeguard and protect your Personal Information. We educate our employees and service providers on our Privacy Policy and Principles- as well as their roles and responsibilities in complying with them; and we enforce remedial penalties for non-compliance.

5. GLOBAL COMPLIANCE: We endeavor to comply with the applicable data privacy laws in all regions where we conduct business.

6. ACCESS: We aim to keep your Personal Information accurate and current; and we update or disclose it to you whenever you request us to do so. We post our Privacy Policy and Principles on our Web sites and we notify you on those Websites about any significant amendments thereto.

Below, we take a closer look at each of the Gartner Privacy Principles enumerated above:

1. NOTICE: We notify you when we collect your Personal Information that it will be used to administer our relationship with you and to deliver superior service; including informing you about Gartner offerings that may be relevant to you.

a. Gartner processes your Personal Information in a reasonable and lawful manner for relevant and appropriate business purposes and retains such Personal Information for no longer than is necessary for the purpose(s) for which it was collected.

b. In keeping with the nature of Gartner's business, Gartner services and benefits are not marketed to minors. Gartner does not knowingly attempt to solicit or receive any Personal Information from children.

c.Gartner collects Personal Information at several different points, including but not limited to the following (in alphabetical order):

  • Cookies. Gartner may employ a cookie, or small piece of information stored on a file in the Gartner User’s browser or hard drive, which enables Web servers to "identify" that Gartner User each time he/she initiates a session on a Gartner Web site. Unless the Gartner User has adjusted his/her browser settings to refuse cookies, the Gartner system will issue a cookie when the Gartner User visits a Gartner Web site.

Here is what Gartner Users need to know about cookies:

  • First Party cookies are set by the Gartner Web site you are visiting.
  • Third Party cookies are set by a domain outside of the Gartner Web sites.
  • Persistent cookies remain on your computing device for the period specified in the cookie and are activated each time you revisit the website that set such cookie.
  • Session cookies remain on your computing device until you close your browser window, at which point they are automatically deleted.

While Gartner Users may block cookies at any time by changing their browser settings, it is important to note that First Party cookies may be necessary in order to identify Gartner Users and ensure they fully access and use the content and features on the Gartner Web sites.

Gartner uses cookie technology to enable registered Gartner Users (i) to move quickly and securely through access-controlled areas of the Gartner Web sites; and (ii) to take advantage of certain useful features on the sites, such as "remember my password."

First and Third party cookies do not store any Gartner User Personal Information on the Gartner Web sites; they are simply identifiers. By continuing to use the Gartner Web sites, Gartner Users consent to the placement of these cookies on their computing device in accordance with the terms above.

  • Email alerts. Gartner Users are asked to provide their email address when signing up for email alerts on Gartner Web sites. Additional information may also be collected depending on the type of alert requested. Alerts may be managed or deleted by Gartner Users on www.gartner.com in the My Profile/Preferences section.
  • Event Registration. Where Gartner collects Personal Information for Event Registration, Gartner will not disclose such information to any Third Party (other than in connection with administration of the Gartner Event) without the registrant’s consent. Gartner does not rent, sell or otherwise disclose this collected Personal Information for non-Event-related mailings.
  • Gartner Web Sites. The Gartner Web sites are owned and operated by Gartner to deploy the Gartner products and services.  Each Gartner Web site requires the Gartner User to create an account and choose a password. Passwords are for the Gartner User’s individual use and may not be shared with others. For additional guidance about how to use the Gartner services, please consult the Usage Guidelines for Gartner Services on the policy page of gartner.com.  Gartner does not sell, rent or share (outside the Gartner family) Personal Information collected on the Gartner Web sites. Gartner obtains the Gartner User’s consent prior to disclosing Personal Information to Third Parties for consumer marketing purposes. Gartner Web sites may contain links to other Web sites. Gartner is not responsible for the privacy practices of such other sites. Gartner Users should be aware when leaving a Gartner Web site and should read the privacy statements of the new Web site they enter.
  • Mobile Computing Devices. Some Gartner Web sites and online resources are specifically designed to be compatible with and used on mobile computing devices. Mobile versions of Gartner Web sites may require Gartner Users to log in with an account for that Web site. Information about use of each mobile version of the Web site will be associated with the Gartner User accounts. Some of the Gartner Web sites and online resources enable Gartner Users to download an application, widget or other tool that can be used on mobile or other computing devices. These tools may store information on mobile or other devices and enable Gartner Users to email reports and other information from the tool. These tools may also transmit Personal Information to Gartner to enable (i) Gartner Users to access user accounts and (ii) Gartner to enhance and track use of these tools as well as develop new tools for quality improvement.
  • Purchases & Fulfillment. When Gartner Users place an order or register for a Gartner Event, additional Personal Information, such as credit card number and expiration date, may in some instances be requested. Gartner may also collect additional information about hotel, meal and other travel preferences. This Sensitive Personal Information, which is used solely for confirmation and billing purposes and to service the order, is used only for the purpose identified hereunder and is deleted in a secure and timely manner once that purpose has been served.
  • Recruiting. Candidates for employment must provide Personal Information as required by the recruiting and interview process, such as full name and mailing address, personal email address, job resume, photo, references and other employment-related information. This information is retained by Gartner only until such time as the successful candidate is appointed, or the unsuccessful candidate requests that Gartner continue to retain his/her Personal Information for future opportunities.
  • Registration for Gartner Web sites. When Gartner Users register on Gartner Web sites, or for Gartner events, or to purchase products, Gartner may request certain Personal Information. Gartner uses this Personal Information to provide advice and service, as well as to share offers deemed relevant by Gartner. In circumstances where data processing is not permitted under local law, Gartner requests express consent from the Gartner User. Gartner may also contact Gartner Users regarding Web site problems or other customer service-related issues.
  • RFID. Radio Frequency Identification is a generic term that is used to describe a scanning system that transmits the identity (in the form of a unique serial number) of an object or person wirelessly, using radio waves. Gartner may use RFID scanning technology at Gartner Events (via the Attendee Badge) to collect information pertaining to Attendee participation in Event sessions and activities and/or visits to Exhibitor booths. This collected information is used internally to help Gartner better understand client business needs. Gartner also makes RFID scanning tools available to its Exhibitors but requires them to inform Event attendees (i) of the purpose of their scanning, and (ii) that their Exhibitor RFID scanning is in no way affiliated with Gartner.
  • Social Media. Online social media resources are interactive tools that enable Gartner Users to collaborate and share information with others. Social media resources include but are not limited to social networks, discussion boards, bulletin boards, Blogs, Wikis and referral functions to share Web site content and tools with a friend or colleague. Where a Gartner User makes specific reference to Gartner on a social media resource, Gartner may collect the Gartner User’s Personal Information.  When using social media resources, Gartner Users are advised to take care with what Personal Information they share with others. Gartner provides additional notice and choices on its Web sites about how Personal Information is collected, used and disclosed with regard to social media resources.
  • Usage Tracking. Gartner may monitor how Gartner Users use its Web sites, including search terms entered, pages visited and documents viewed. For registered Gartner Users, this information is stored with their registration information. It is uniquely numbered, and is used solely for purposes of enabling Gartner to provide the registered Gartner User with a personalized Web site experience. This data may also be used, in an aggregated (i.e., not personally identifiable) format to (i) help Gartner understand areas for future research; and (ii) identify appropriate product offerings and subscription plans. This same data may also be used by Gartner clients, in a form that is personally identifiable to the specific client, to better understand how their employees are using their Gartner subscriptions.

2. CHOICE: We do not share personal information about you outside Gartner unless you give us permission to do so or when the law requires it. We give you choices related to how we use and share your Personal Information, and we make it easy for you to remove your name from marketing and distribution lists via email or by contacting  privacy@gartner.com.

a. Gartner gives each Gartner User the opportunity to opt-out (i) from allowing Gartner to disclose his/her Personal Information to a Third Party unless the disclosure is required by law or is for the fulfillment of a contractual obligation (e.g., employment contract) and (ii) from allowing Gartner to process Personal Information for a purpose other the original purpose for which it was collected or the purpose authorized subsequently by the Gartner User.

b. A “Manage My Preference” or "Unsubscribe" link and other identifying information as required by applicable law, is provided in each electronic communication sent by Gartner (other than those required by law or to administer a current contract) so that the Gartner User may manage their marketing communication preferences to opt-out or otherwise direct the proposed use of their Personal Information.

3. ONWARD TRANSFER: We insist that the vendors we hire to provide support services to Gartner adhere to our Privacy Policy, the most current version of which is posted on our Web sites for easy access.

a. Gartner takes very seriously its obligation to protect and safeguard the Personal Information of Gartner Users and seeks the cooperation of its business partners in furthering this goal.

b. Gartner uses Third-Party service providers (such as mailing & shipping houses and event coordinators, together with other service providers as necessary) to fulfill its contractual obligations to its clients.

c. Where Gartner is required to share Personal Information with Third Parties, such as vendors, Gartner will contractually ensure that such vendor safeguards the Personal Information they are processing to the same degree as Gartner safeguards the Personal Information in its care.

d. When Gartner Users register for a Gartner event, Gartner provides to hotels and facilities hosting the event, and to vendors providing event-related services, only that Gartner User Information necessary to administer the Attendee event experience.

e. Where Gartner has knowledge that a Third Party service provider - or its Agent - is using or sharing Personal Information in a way that is contrary to this Policy, Gartner will take reasonable and timely steps to prevent or stop such processing.

f. Where local law or government authority requires, Gartner will comply with requests to disclose Personal Information of a Gartner User - with notice to the affected Gartner User - where permissible. Many entities receiving Personal Information under these conditions are required to adhere to privacy requirements that govern their handling of the collected Personal Information.

4. SECURITY & ENFORCEMENT: We safeguard and protect your Personal Information. We educate our employees and service providers on our Privacy Policy and Principles as well as their roles and responsibilities in complying with them; and we enforce remedial penalties for non-compliance.

a. Gartner maintains and implements a data security program that includes industry standard administrative, technical, physical, and operational safeguards designed to:

  • maintain the security and confidentiality of Personal Information;
  • safeguard against any anticipated threats or hazards to the security, confidentiality and integrity of Personal Information; and
  • protect against unauthorized access, disclosure, alteration or destruction of Personal Information that could result in harm to Gartner or Gartner Users.

b. The nature and extent of protection will correspond to applicable local laws and regulations.

c. In addition, Gartner provides users of its Web sites with a secure online experience by deploying a variety of security measures to maintain the safety and confidentiality of the Personal Information it collects. For further guidance about data security at Gartner, email  security.officer@gartner.com.

d. All Gartner Associates, Third Party service providers, and other individuals whose responsibilities include the processing (e.g., collection or storage) of Personal Information are trained to safeguard and protect that Personal Information in accordance with this Policy.

e. Gartner has implemented protocols to verify ongoing compliance with this Policy and to enforce penalties against those who violate it. Gartner Users wishing to report a privacy violation, may do so through their designated Gartner Account Representative or by contacting  privacy@gartner.com.

f. Because Gartner self-certifies annually with the U.S. Department of Commerce as a data controller (i.e., Safe Harbor certification), the U.S. Federal Trade Commission has been empowered to investigate complaints and to obtain redress in all cases of Gartner's noncompliance with this Policy.

g. Gartner cooperates with the European Data Protection Authorities (DPAs) in the regions where it conducts business for the purpose of handling any unresolved local complaints regarding the Gartner User Personal Information it collects through Human Resources.

5. GLOBAL COMPLIANCE: We endeavor to comply with the data privacy laws in all regions where we conduct business.

a. Globally: Gartner aims to comply with the applicable laws and regulations protecting the privacy of Personal Information in the jurisdictions in which Gartner operates. Where appropriate, specific jurisdictions may require supplemental terms to this Policy in order to comply with local laws.

b. Across the European Union and Switzerland: In furtherance of our commitment to privacy, Gartner has certified to the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework, with respect to EEA and Swiss Personal Data processed as part of its Human Resources and Commercial activities. Accordingly, Gartner adheres to the Seven Safe Harbor Privacy Principles and 15 Frequently Asked Questions (FAQs) and Answers, as agreed to by the U.S. Department of Commerce and the European Commission (located at the U.S. Department of Commerce website.)

c. In Australia: The Australian Privacy Principle (APP) Guidelines require that:

(i) Gartner acknowledges in this Policy that we disclose Personal Information of our Australian clients to overseas recipients in the ordinary course of our business. To ensure the receiving jurisdictions treat our clients’ Personal Information with the same degree of care as set forth hereunder, we arrange for them to sign a Gartner Data Transfer Agreement.

(ii) Gartner describes in this Policy the process by which a client may report and register complaints regarding any violation by Gartner of the APPs as well as the process by which a client may access his/her Personal Information on file with Gartner.  For additional information regarding the APAC Privacy Policy, please contact APAC.PrivacyOfficer@gartner.com.

d. In the U.S./California: DNT Requirements - California Residents only: Residents of the State of California may request a list of all Third Parties to which the Gartner Web sites have disclosed certain Personal Information (as defined by California law) during the preceding year for those Third Parties’ direct marketing purposes.  California Business & Professions Code Section 22575(b) (as amended effective January 1, 2014) provides that California residents are entitled to know how Gartner responds to “Do Not Track” browser settings.  Gartner does not currently respond to Do Not Track signals because a uniform technological standard has not yet been developed. Gartner continues to review new technologies and may adopt a standard once one is created.

e. Intra-company Transfers: In addition to Gartner’s Safe Harbor certification, which serves to safeguard the Personal Information of Gartner Users residing in the European Union when it is transferred to Gartner, Inc., Gartner has also arranged for its other non-Safe Harbor certified entities to execute Data Transfer Agreements. The Data Transfer Agreement, which is executed between the local Gartner entity and Gartner, Inc. for those non-EU jurisdictions that require a data transfer agreement for data transfers, contains clauses similar to the Safe Harbor framework, which are intended to safeguard and protect Personal Information when it is transferred outside of the Gartner User’s country of residence.

6. ACCESS: We endeavor to keep your Personal Information accurate and current; and we update or disclose it to you whenever you request us to do so. We post our Privacy Policy and Privacy Principles on our Web sites and we notify you on those Web sites about any significant amendments.

a. Gartner takes reasonable steps to ensure the Personal Information it has collected is accurate, complete, and current.

b. If a Gartner User desires to access and review the Personal Information Gartner has collected about him/her or if such Personal Information is incorrect, incomplete or has changed, Gartner provides the Gartner User with reasonable opportunity (via their user profiles on the Gartner Web sites) to view/correct/update it at any time.

c. Gartner may amend this Policy from time to time, should it become necessary or advisable to do so.  We will notify you about significant changes to our Privacy Policy by placing a prominent notice on our Web site(s) and where we deem it reasonably necessary, via notice to the primary email address specified in your user profile.

We thank you for entrusting us with your Personal Information and with your business!

For any and all questions regarding our Privacy Policy and Principles, contact  privacy@gartner.com

Last Updated: August, 2016