It has long been Gartner's (the "Company") position to preserve objectivity and guard the way in which the Company can provide unparalleled insight and advice to the marketplace. In doing so, Gartner must seek to protect the personal information entrusted to it by associates, clients, prospects, employees, workers and other individuals. The trust of the individuals the Company interacts with daily and on every level is fundamental to Gartner's business success.
Gartner aims to comply with the applicable laws and regulations protecting the privacy of personal information in the jurisdictions in which the Company operates. Where appropriate, laws within specific jurisdictions may require supplemental terms to comply with local laws.
This policy applies to personal information that is processed by Gartner and to any entities doing business under the Gartner name worldwide. From time to time, this policy may be supplemented by communications from Gartner's Legal Department. All associates, clients, prospects, employees, workers and other individuals whose responsibilities include the processing (e.g. collection or storage) of personal information are expected to protect that data by adherence to this Policy.
In furtherance of its commitment to privacy, Gartner has certified to the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework, with respect to EEA and Swiss personal data processed as part of its Human Resources and Commercial activities. Accordingly, Gartner adheres to the Safe Harbor 7 privacy principles and 15 Frequently Asked Questions and Answers (FAQs), as agreed to by the U.S. Department of Commerce and the European Commission (located at the U.S. Department of Commerce website.)
Gartner may amend this policy from time to time, should it become necessary or advisable to do so.
(Please note that the definitions could be slightly different in local data protection laws.)
"Agent" means a Third Party that processes personal information solely on behalf of and under the instructions of Gartner.
"Associate(s)" refers to any employee of Gartner or its direct or indirect subsidiaries worldwide.
"EEA" refers to the European Economic Area which covers the countries of the European Union ("EU") as well as additional non EU-countries (currently Iceland, Liechtenstein, Norway) and allows free trade between these countries.
"Gartner" or "The Company" means Gartner, Inc. and its direct and indirect subsidiaries.
"Personal Information" is any information relating to an identified or identifiable natural person recorded in any medium (e.g. PDA, computer, paper). It includes information such as name, address and title; what topics a person is interested in or how someone lists to be communicated with (fax, e-mail, phone, etc). It also includes certain highly sensitive information about an individual, such as religion, dietary requirements, race, sexual orientation, health and political beliefs. Additional safeguards apply in the case of sensitive personal data (see below).
Examples of personal information relevant to Gartner business include:
- Contact lists
- Databases or spreadsheets containing customer or prospect information
- Event registration forms
- Mailing lists, including any type of e-mail list
- Sales order forms
- Inquiry records (such as webGAMEC)
- Web site registration and profile information
- Contact details of individuals (e.g. the contact details of individuals who work for suppliers or customers), whether held within or outside any corporately supported database or other storage or retrieval systems, or on an individual's filing systems (e.g. in the contacts function of MS Outlook or on a PDA)
- Personal details about people attending events , whether solely or co-organized by Gartner, such as registration details and contact details taken from business cards for direct marketing purposes
- Mailing lists
- Images on closed circuit TV systems
- Information gained from gartner.com, fulfillment of orders, receipt of newsletters, etc;
- Lists of contacts from external marketing firms
- Information about individuals from their company's database
"Sensitive Data" or "Sensitive Personal Information" is a subset of Personal Information, which due to its nature has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information consists of:
- All government-issued identification numbers (including US Social Security numbers, Canadian Social Insurance numbers, driver's license numbers, and passport numbers),
- Individual financial account numbers (bank account numbers, credit card numbers, and other information if that information would permit access to an individual's financial account),
- Individual medical records and biometric information, including any information on any Consumer's health, disease or product interests,
- Personal information obtained from a U.S. consumer reporting agency and subject to the Fair Credit Reporting Act, and
- Personal information that is classified as "Special Categories of Data" under various laws or which otherwise require heightened protection, consists of the following data elements: (1) race, (2) ethnicity, (3) religious, philosophical, or political beliefs, (4) trade union membership, (5) health information or biometric data, (6) sexual orientation or information about the individual's sex life, and (7) information about crimes or alleged crimes committed by the individuals.
"Data Subject" is an identified or identifiable natural person. This includes associates, clients, prospects, employees, workers and other individuals.
"Processing" means any operation which is performed upon personal information, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
"Third Party" is any natural or legal person, public authority, agency or any other body other than the Data Subject, Gartner, or Agents.
COLLECTION AND USE
Gartner processes personal information in a reasonable and lawful manner for relevant and appropriate purposes. Personal information shall not be processed in a way which is incompatible with that purpose or those purposes and will be kept for no longer than necessary for the purposes for which it was collected.
Due to the nature of Gartner's business, services and benefits are not marketed to minors. Gartner does not knowingly attempt to solicit or receive any information from children.
Gartner collects information at several different points, including but not limited to the following:
Employment. Associates and candidates for employment must provide personal information related to recruiting, hiring and once employed, to process, tax, compensation, benefits, and other employment related functions.
Registration for Gartner Web sites. When Data Subjects register on Gartner Web sites, or for Gartner events, or purchase products, Gartner requests personal information. Gartner may use this personal information to provide advice and service, as well as to provide offers deemed relevant by Gartner. In circumstances where data processing is not permitted under local law, Gartner will request explicit consent from Data Subjects. Gartner may also contact Data Subjects regarding Web site problems or other customer service-related issues.
E-mail alerts. Data Subjects are asked to provide e-mail addresses when signing up for e-mail alerts on Gartner's Web sites. Additional information may also be necessary depending on the type of alert requested. Alerts can be managed or deleted on the "Alerts" link available from the top of the gartner.com homepage.
Purchases and Fulfillment. When Data Subjects place an order or register for a Gartner event, additional information such as credit card number and expiration date maybe be requested. This information is used for confirmation and billing purposes. The contact information provided is used to service the order. Also, when individuals register for an event, Gartner may request additional information about hotel, meal and other travel preferences. This information is used only for the specific event.
Gartner uses third-party service providers such as credit card processing companies, shipping companies, mailing houses and event coordinators together with other service providers as required to satisfy client requests. When Data Subjects register for a Gartner event, Gartner provides necessary information to hotels and to facilities hosting events. These parties are allowed to use that personal information only to provide services relevant to the event.
Conference Registration. Gartner may require personal information for Conference Registration and will not disclose it to any Third Party (other than in connection with Gartner co-sponsored conferences) without consent. Gartner does not rent, sell or otherwise disclose personal information for non-conference related mailings.
Usage Tracking. Gartner may monitor how Data Subjects use its Web sites including search terms entered, pages visited and documents viewed. For registered users, this information is stored with registration information. It is unique-number identifiable, and is used solely for purposes of enabling Gartner to provide you with a personalized Web site experience. Aggregated (not personally identifiable) forms of this data may also be used in order to help Gartner understand areas for future research and to identify future features and functions to develop for the Web sites. This data may also be used by Gartner, in the aggregate, to identify appropriate product offerings and subscription plans. This same data is also used by Gartner clients to help them understand how their subscriptions are being used by their employees and in this case, is personally identifiable to the specific client.
RFID. Gartner may use RFID technology at conferences to collect information pertaining to conference attendee participation in conference sessions and activities and/or visits to vendor booths. "RFID" stands for Radio frequency Identification, which is a generic term that is used to describe a system that transmits the identity (in the form of a unique serial number) of an object or person wirelessly, using radio waves. Typically, RFID waves are only receivable for several hundred feet.
Cookies. Gartner may employ a cookie, or small piece of computer code that enables Web servers to "identify" visitors, each time an individual initiate a session on Gartner Web sites. A cookie is set in order to identify Data Subjects and determine user access privileges. Cookies do not store any of the personal information that is provided to the Gartner Web site; they are simply identifiers.
Data Subjects have the ability to delete cookie files from their own hard drive at any time. However, individuals should be advised that cookies may be necessary to provide access to much of the content and many of the features of Gartner Web sites. Gartner uses cookie technology to enable registered users to move quickly and securely through access-controlled areas of the sites. Cookie technology also enables registered users to take advantage of certain useful features on the sites, including "remember my password."
Social Media. Generally, online social media resources are interactive tools that enable Data Subjects to collaborate and share information with others. Social media resources include but are not limited to social networks, discussion boards, bulletin boards, blogs, wikis, and referral functions to share web site content and tools with a friend or colleague. Gartner may collect personal information to enable Data Subjects to use online social media resources. Gartner may also enable you to use these social media resources to post or share personal information with others. When using social media resources, Data Subjects should take into careful consideration what personal information they share with others. Gartner provides additional notice and choices about how personal information is collected, used and disclosed on its Web sites and other online resources that offer social media.
Mobile Computing. Some Gartner Web sites and online resources are specifically designed to be compatible and used on mobile computing devices. Mobile versions of Gartner Web sites may require that users log in with an account for that Web site. Information about use of each mobile version of the Web site will be associated with user accounts. Further, some of Gartner's Web sites and online resources enable individuals to download an application, widget or other tool that can be used on mobile or other computing devices. Some of these tools may store information on mobile or other devices. These tools may transmit personal information to Gartner to enable Data Subjects to access user accounts and to enable Gartner to track use of these tools. Some of these tools may enable users to e-mail reports and other information from the tool. Gartner may use personal or non-identifiable information transmitted to Gartner to enhance these tools, to develop new tools, for quality improvement and as otherwise described in this Policy or in other notices Gartner provides.
Gartner notifies all identified Data Subjects about (i) the purposes for which personal information is collected and processed, (ii) the types of Third Parties to which personal information is disclosed, and (iii) the rights under this Policy (a) when collecting personal information, (b) when personal information is processed for a purpose other than its original purpose or the purpose authorized subsequently by the Data Subject and (c) upon request.
In certain situations, data is "unidentified" so that the names of the Data Subjects are not known by data processors within Gartner. In these cases, Data Subjects do not need to be notified.
Gartner gives each Data Subject the opportunity to opt-out from (i) allowing Gartner to disclose his/her personal information to a Third Party unless the disclosure is required by law or for the fulfillment of a contractual obligation (e. g. employment contract) and (ii) allowing Gartner to process personal information for a purpose other its original purpose or the purpose authorized subsequently by the Data Subject. An "Unsubscribe" button will be provided at the top or bottom of each e-mail communications sent by Gartner so that a Data Subject can opt-out.
Prior to disclosing Sensitive Data to Third Party or processing Sensitive Data for a purpose other than its original purpose or the purpose authorized subsequently by the Data Subject Gartner will obtain each Data Subject's explicit consent (opt-in).
With regard to personal information that Gartner receives in connection with the employment relationship, Gartner will use such personal information only for employment related purposes (e.g. tax, payroll, benefits). If Gartner intends to use this personal information for any purpose other than employment related purposes, Gartner will provide the Data Subject with an opportunity to opt-out of such uses (e.g. discount shopping club, charity, health club membership). Where consent of the Data Subject for the Processing (mainly collection, use, or disclosure) of personal information is required by law or contract, Gartner will comply with the law or contract.
Gartner places substantial importance on protecting the confidentiality of personal information and seeks the cooperation of all Associates in furthering this goal. Where local law requires a (written) agreement for the transfer of personal information to a Third Party, Gartner will comply with local law.
There may also be instances where Gartner may be required to share personal information with third parties who have not been retained (directly or indirectly). Many entities receiving personal information under these conditions have privacy requirements that apply to their handling of the information.
Gartner endeavors to ensure third parties will only transfer personal information to an Agent where the Agent has provided assurances that they will provide at least the same level of privacy protection as is required by this Policy. Where Gartner has knowledge that a Third Party or their Agent is using or sharing Personal Information in a way that is contrary to this policy, Gartner will take reasonable steps to prevent or stop such processing.
In addition, Gartner Web sites contain links to other Web sites. Individuals should be aware that Gartner is not responsible for the privacy practices of such other sites. Gartner encourages users to be aware when they leave Gartner sites and to read the privacy statements of each and every Web site that collects personal information.
Gartner does not sell, share or rent personal information collected on Company Web sites outside the Gartner family of companies. Gartner will only disclose personal information to Third Parties for consumer marketing purposes after obtaining the Data Subject's consent.
Where Gartner maintains personal information in a structured filing system or database, it provides Data Subjects with reasonable opportunity to examine that information that pertains to them and add to or correct the data, delete incorrect data, or block data as appropriate, subject to certain exceptions where access would not be appropriate.
Gartner maintains and implements an information security program that includes appropriate administrative, technical and physical safeguards and other security measures that are designed to: (a) ensure the security and confidentiality of personal information; (b) protect against any anticipated threats or hazards to the security, confidentiality and integrity of personal information; and (c) protect against unauthorized access, disclosure, alteration, or destruction of personal information that could result in the destruction, use, modification, disclosure or substantial harm or inconvenience to Gartner or any individual. The nature and extent of protection will correspond to applicable local laws and regulations.
In addition, Gartner provides users of its web sites with a secure online experience by using a variety of security measures to maintain the safety and confidentiality of personal information collected. For any questions about the security at Gartner, please send an e-mail to firstname.lastname@example.org.
Gartner takes reasonable steps to ensure that personal information is accurate, complete, and current. All Associates are asked to update their information immediately in the event that personal information changes. Data Subjects who create profiles with personal information on Gartner's websites can update their information at any time.
In addition, Gartner self-certifies annually with the U.S. Department of Commerce as a data controller, and the U.S. Federal Trade Commission has been empowered to investigate complaints and to obtain redress for Data Subjects in case of the Gartner's noncompliance with this Policy. Gartner has also agreed to cooperate with the European Data Protection Authorities (DPAs) for the purpose of handling any unresolved complaints regarding Human Resources personal information collected.
For any questions regarding this policy, outside parties should contact email@example.com. Gartner associates should contact their manager, HR partner or the Legal Department.