ON24 Platform Privacy Policy

 

Last Updated: February 28,2023

 

ON24, Inc. and its subsidiaries (collectively, “ON24,” “we” or “us”) understand the importance of privacy. This Platform Privacy Policy (this “Policy”) explains how ON24 collects, stores, uses, sells and shares personal information collected, stored or processed by us through ON24’s Digital Engagement Platform, which includes services related to our Virtual Events, Webinars, Virtual Conferences, Hybrid Capabilities, Content Hubs, and all other ON24 products (collectively, the “Platform”). In this Policy, “personal information” is information that identifies or could be used to identify an individual and is meant to include similar expressions such as “personal data”.

The Platform is a tool used by businesses (including direct customers of ON24 and customers who access the Platform through an ON24 reseller) and their employees, agents and authorized users (the “Clients”) to deliver webinars and other content to registrants, attendees, participants, and other end users (the “End Users”). Collectively, End Users and Clients are “Platform Users”.

1.             Scope

This Policy applies to the personal information that ON24’s Clients submit to us via the Platform, as well as the personal information we collect, access, store, use or otherwise process (collectively, “process”) via the Platform on behalf of Clients, including the Registrant Information, Other Information and User Communications (each defined below), as well as other personal information we process from End Users of the Platform (together the “Platform Data”). 

Controller and Responsible Entity

With respect to the Platform Data, ON24 is a “data processor” or “service provider” under applicable data protection laws. As a data processor or service provider, we will only process the Platform Data pursuant to our Client’s instructions, as set forth in our applicable Client agreements, and as otherwise required by applicable privacy and data protection laws. This Policy does not apply to processing of Platform Data, or any other personal information collected via the Platform by Clients, which is subject to their own policies and practices.

With respect to the Platform Data, we process that is subject to EU and Swiss data protection laws, ON24, Inc. has certified its adherence to and will comply with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, which can be found at www.privacyshield.gov/ (collectively, “Privacy Shield Principles”). You can review the Privacy Shield Principles, learn more about Privacy Shield, and view our Privacy Shield certification at www.privacyshield.gov/. ON24’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. Please note: On July 16, 2020, the European Court of Justice invalidated the EU-US Privacy Shield Program as an adequacy mechanism for transfers of personal data to the United States. ON24 will continue to comply with its Privacy Shield commitments for so long as it remains an active participant in the program. In addition, we work with Clients to implement additional adequacy measures where necessary under applicable data protection laws in the European Economic Area (“EEA”) and the United Kingdom (“UK”), such as the EU standard contractual clauses for the transfer of personal data to processors established in third countries and the UK changes to the standard contractual clauses.

For more information about how ON24 processes personal information as a controller, please see the ON24 Online Privacy Policy.

2.             Data Collected

Information Collected Directly

Account Information. To access various parts of the Platform, and to create webinars and events, you must have an online account. To register for an account on the Platform, our Clients will decide what information they wish to collect but this will usually include your name, email address, telephone number, company name, and other information necessary to confirm that you are an authorized user of a Client (where relevant). Our Clients may also collect additional information such job title, information about your company (such as country and industry sector) and other user profile information such as age, gender, zip/postal code, and areas of special interest to you. Our processing of account information is subject to the ON24 Online Privacy Policy.

End User Information. To access webinars, virtual environments and other events administered by Clients via the Platform as an End User, you may be required to register. While our Clients determine what information to collect from End Users, the requested personal information typically includes name, email address, telephone number, company name and job title as well as information about your company such as country and industry sector.

User Communications. When you send email or other communication to ON24 or another user, we may retain those communications in order to process your inquiries, respond to your requests, and to improve our services.

Other Sites. We may offer services in connection with other websites or suppliers. Personal information that you provide to those sites may be sent to us in order to deliver these services. Different privacy policies may apply to these other sites.

Other Information. Clients may request additional information, like surveys or polls, be filled out in some webinars or virtual environments. Clients are responsible for configuring the Platform to collect such personal information.

Information Collected Automatically

Log Information. When you use the Platform, our servers record, in a server log, information that your browser sends whenever you visit a website. Server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser. This data is used for various reasons, including security and providing the services.

Cookies, clear GIFs, etc. The Platform may use cookies (small pieces of information that are stored by your browser on your computer’s hard drive), clear GIFs, java script and other technology to collect and store information about your use of the Platform, such as your search activity, the pages you view, and the date and time of your visit, your browser type, type of computer or mobile device, browser language, IP address, mobile carrier, unique device identifier, location information, and requested and referring URLs. Please see our Cookie Policy for more information. 

Aggregate and De-Identified Information

ON24 may process (i.e., collect, use and disclose) aggregate de-identified information, and other information that is not personally identifiable, for research, analytics and other purposes, provided such information does not identify, and could not reasonably be used to identify a particular Client or End User. 

3.             Use of Information

ON24 uses the personal information we collect via the Platform to provide our services to Clients, including to operate and improve the Platform and our services, to provision Platform Users’ accounts, to carry out the transactions Platform Users request via the Platform, and to respond to Platform Users’ requests.

As noted above, ON24 is a data processor of the personal information collected via the Platform. Clients are data controllers with respect to Platform User personal information; this Policy does not apply to the processing (including collection, use and sharing) of Platform User personal information by Clients.

Clients may use the personal information they collect via the Platform for additional purposes, such as to deliver targeted content within the Platform, to contact End Users about their use of the Platform, for marketing and promotional purposes, and for other purpose; you should review their privacy policies for more information about how they collect, use and share the personal information collected via the Platform.

4.             Sharing of Information; Onward Transfers

As noted, Platform User information, including End User personal information, is shared with the Clients upon whose behalf the information was collected in accordance with their choices or Platform is being operated; this Policy does not apply to the processing (including collection, use and sharing) of Platform User personal information by Clients, and we are not responsible for such processing. 

ON24 will not share personal information about Platform Users with third parties except to provide the products or services you have requested, with consent, or under the following circumstances:

·         We will make personal information available to the Clients on whose behalf the personal information has been collected and processed, as explained above.

·         We may provide personal information to our agents, service providers, contractors and others acting on our behalf as sub-processors These parties do not have any independent right to use or share this information.

·         We may disclose the information we collect from you to ON24 affiliates and subsidiaries; however, if we do so, their use and disclosure of your information will be subject to this Policy.

 

Third parties who process personal information on our behalf must agree to use such personal information only for the purpose for which it is provided by us, and they must contractually agree to provide adequate protections for personal information. ON24 will continue to be liable for any onward transfers of personal information to such third parties. 

We may also disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, as well as where is necessary to satisfy any applicable law, regulation, legal process or enforceable government request, to enforce our User Agreement and investigate violations thereof, to prevent, detect and address fraud, security or technical issues, or to protect against harm to the rights and property of ON24. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company (including as part of due diligence and for other purposes prior to the closing of such a transaction), or as part of a bankruptcy proceeding, we may transfer the information we have collected (including personal information) to the acquiring company.

5.             Accessing, Amending and Limiting Use of Your Personal Information

Individuals have the right to access the personal information that is maintained about them, and in some cases to limit the use and disclosure of such information. Registered Platform Users may log into their accounts to view and amend certain personal information in their profile. California, EEA, UK, Swiss, Brazilian, and Japanese End Users (as well those End Users where applicable law provides for these rights) who would like to request access to, limit use of, delete, or limit disclosure of their personal information (as well as to request correction of personal information for EU, UK and California Users) collected via the Platform by a Client should contact that Client directly. California, EEA, UK, Swiss, Brazilian, Japanese End Users (and those End Users where applicable law provides for this right) may also make such requests by contacting us at dsr@on24.com and providing the name of the Client. We will refer such requests to that Client and will support them as needed in responding to your request.

6.              Security

Wherever your personal information may be held within ON24 or on its behalf, we take reasonable steps to protect the personal information that you share with us from unauthorized access or disclosure, including, without limitation, restricting access to certain portions of our website through access controls, encryption tools and using firewalls. Regardless of the precautions taken by us, ON24 cannot ensure or warrant the security of any information you transmit to us, and you transmit such information at your own risk. You are responsible for all actions taken with your user ID and password, if any. Therefore, we recommend that you do not disclose your password to anyone. If you lose control of your password, you may lose substantial control over your personal information and may be subject to legally binding actions taken on your behalf.

7.             Complaints and Disputes

Platform Users who have any questions, complaints, or disputes regarding this Policy or the manner in which ON24 handles or protects personal information may contact us at privacy@on24.com. We will promptly investigate and attempt to resolve any complaints and disputes and will respond within 45 days of receiving any such complaint or as may be required by applicable law.

For EU and Swiss Platform Users whose complaints cannot be resolved through this process, ON24 agrees to participate in a dispute resolution process administered by JAMS. For information about how to initiate a Privacy Shield claim with JAMS, visit jamsadr.com. If neither ON24 nor JAMS resolves your complaint, you may be able to engage in binding arbitration through a Privacy Shield arbitration panel (for more information, visit privacyshield.gov).

8.            Changes

ON24 may update this Policy from time-to-time, so please review it frequently.

9.             Contact Us

Please email us at privacy@on24.com with any questions about this Policy or contact us by post at ON24, Inc., Attn: Privacy, 50 Beale Street, 8th Floor, San Francisco, CA 94105.