ON24 Platform Privacy Policy
Last Updated: January 28, 2025
ON24, Inc. (“ON24,” “we” or “us”) understand the importance of privacy. This Platform Privacy Policy (this “Policy”) explains how ON24 collects, stores, uses, and shares personal information collected, stored or processed by us through ON24’s Digital Engagement Platform, which includes services related to our Virtual Events, Webinars, Virtual Conferences, Hybrid Capabilities, Content Hubs, and all other ON24 products (collectively, the “Platform”). In this Policy, “personal information” is information that identifies or could be used to identify an individual and is meant to include similar expressions such as “personal data.”
The Platform is a tool used by businesses (including direct customers of ON24 and customers who access the Platform through an ON24 reseller) and their employees, agents and authorized users (the “Clients”) to deliver webinars and other content to registrants, attendees, participants, and other end users (the “End Users”). Collectively, End Users and Clients are “Platform Users”.
ON24 participates in the EU-US Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. Data Privacy Framework (”UK Extension to the EU-U.S. DPF”) and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF)” (collectively, the EU-U.S. DPF, the UK Extension to the EU-U.S. DDF and the Swiss-U.S. DDF being the “DPFs”).
ON24 has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union (“EU”) in reliance on the EU-U.S. Data Privacy Framework and from the United Kingdom (“UK”) and Gibraltar in reliance on the UK Extension to the EU-U.S. DPF.
ON24 has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles (and their application under the UK Extension to the EU-U.S. DPF) and /or the Swiss-U.S. DPF Principles (collectively, the “DPF Principles”), the DPF Principles shall govern with respect to data transfers from the EU, the UK, Gibraltar, or Switzerland under, as applicable, the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/. ON24 is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
1. Scope
This Policy applies to the personal information that ON24’s Clients submit to us via the Platform, as well as the personal information we collect, access, store, use or otherwise process (collectively, “process”) via the Platform on behalf of Clients, including the Registrant Information, Other Information and User Communications (each defined below), as well as other personal information we process from End Users of the Platform (together the “Platform Data”). This includes ON24’s processing of Platform Data received from Clients located in the European Economic Area (“EEA”), the UK (and Gibraltar), and Switzerland while providing services from the United States (“U.S.”).
Controller and Responsible Entity
With respect to the Platform Data, ON24 is a “data processor” or “service provider” under applicable data protection laws. As a data processor or service provider, we will only process the Platform Data pursuant to our Clients’ instructions, as set forth in our applicable client agreements, and as otherwise required by applicable data protection laws. Each of our Clients is a “data controller” under applicable data protection laws with respect to the Platform Data relating to relevant Clients. This Policy does not apply to the processing of Platform Data by Clients, or any other personal information collected via the Platform by Clients, which is subject to their own policies and practices.
For information about how ON24 processes personal information on its website (as opposed to the Platform), please see the ON24 Online Privacy Policy.
2. Data Collected
Information Collected Directly
Account Information. To access various parts of the Platform, and to create webinars and events, you must have an online account. To register for an account on the Platform, our Clients will decide what information they wish to collect from End Users but this will usually include your name, email address, telephone number, company name, and other information necessary to confirm that you are an authorized user of a Client (where relevant). Our Clients may also collect additional information such as job title, information about your company (such as country and industry sector) and other user profile information such as zip/postal code, and areas of special interest to you. The Client is responsible for advising you about what information they will ask us to process.
End User Information. To access webinars, virtual environments and other events administered by Clients via the Platform as an End User, you may be required to register. While our Clients determine what information to collect from End Users, the requested personal information typically includes name, email address, telephone number, company name and job title as well as information about your company such as country and industry sector. Our Clients are responsible for advising you about what information they will ask us to process.
Other Sites. Clients use other websites or suppliers. Personal information that you provide to those sites may be sent to us by Clients in order to deliver the services they have selected to use with the Platform. Different privacy policies may apply to these other sites.
Other Information. Clients may request that additional information, like surveys or polls, be filled out in some webinars or virtual environments. Clients are responsible for configuring the Platform to collect such personal information and to advise you about what additional information is being processed at their request.
Information Collected Automatically
Log Information. When you use the Platform, our servers record, in a server log, information that your browser sends whenever you visit a website. Server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser. This data is used for various reasons, including security and providing the services to our Clients.
Cookies. The Platform may use cookies or similar technologies depending on the services used by our Clients on the Platform. Please see our Platform Cookie Policy for more information.
Aggregate and De-Identified Information
ON24 may process (i.e., collect, use and disclose) aggregate de-identified information, and other information that is not personally identifiable, for research, analytics and other purposes, provided such information does not identify, and could not reasonably be used to identify a particular Client or End User.
3. Use of Information
ON24 uses the personal information we collect via the Platform to provide our services to Clients, including to operate and improve the Platform and our services, to provision Platform Users’ accounts, to carry out the actions Platform Users request via the Platform, and to respond to Platform Users’ requests. As noted above, ON24 is a data processor of the personal information collected via the Platform. Clients are data controllers with respect to Platform User personal information; this Policy does not apply to the processing (including collection, use and sharing) of Platform User personal information by Clients. ON24 does not use the personal information collected via the Platform for any other purposes.
Clients may use the personal information they collect via the Platform for additional purposes, such as to deliver targeted content within the Platform, to contact End Users about their use of the Platform, for marketing and promotional purposes, and for other purposes; you should review their privacy policies for more information about how they collect, use, and share the personal information collected via the Platform. ON24 does not decide what Clients do with Platform Users personal information.
4. Sharing of Information; Onward Transfers
As noted, Platform User personal information, including End User personal information, is shared with the Clients upon whose behalf the information was collected in accordance with their choices or upon whose behalf the Platform is being operated; this Policy does not apply to the processing (including collection, use and sharing) of Platform User personal information by Clients, and we are not responsible for such processing.
ON24 does not sell or, except as explained below, share personal information collected from Platform Users.
ON24 may share Platform Users’ personal information to third parties (including ON24 affiliates) acting as its sub-processors to provide the Services to our Clients.
Third parties who process personal information on our behalf must agree to use such personal information only for the purpose for which it is provided by us, and they must contractually agree to provide at least the same level of privacy protection as is required by the DPF Principles. ON24 will take reasonable and appropriate steps to ensure that the third parties effectively process the personal information transferred in a manner consistent with ON24’s obligations under the applicable DPF Principles . If the third parties make a determination that it can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles, we require such third parties to notify us. Upon notice, we will take reasonable and appropriate steps to stop and remediate unauthorized processing. ON24 will continue to be liable for any onward transfers of personal information to such third parties. Upon request, we will provide a summary or a representative copy of the relevant privacy provisions of our contract with such third parties to the U.S. Department of Commerce.
We may also disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, as well as where is necessary to satisfy any applicable law, regulation, legal process or enforceable government request (in all such cases, unless prohibited by applicable law, after advising the relevant Client(s)); to enforce our agreements with our Clients and investigate violations thereof; to prevent, detect and address fraud, security or technical issues; or to protect against harm to the rights and property of ON24.
5. Accessing, Amending and Limiting Use of Your Personal Information
Individuals have the right to access the personal information that is maintained about them, and in some cases to limit the use and disclosure of such information. Platform Users may log into their accounts to view and amend certain personal information in their profile. California, EEA, UK, Swiss, Brazilian, and Japanese End Users (as well those End Users where applicable law provides for these rights) who would like to request access to, limit use of, delete, or limit disclosure of their personal information (as well as to request correction of personal information where applicable law provides this right)) collected via the Platform by a Client should contact that Client directly. California, EEA, UK, Swiss, Brazilian, Japanese End Users (and those End Users where applicable law provides for this right) may also make such requests by contacting us at dsr@on24.com and providing the name of the Client. We will refer such requests to that Client and will support them as needed in responding to your request.
6. Security
ON24 takes reasonable and appropriate measures to protect the personal information that it shared with us from unauthorized access or disclosure, including, without limitation, restricting access to certain portions of our website through access controls, encryption tools and using firewalls. Regardless of the precautions taken by us, ON24 cannot ensure or warrant the security of any information you transmit to us, and you transmit such information at your own risk. You are responsible for all actions taken with your user ID and password, if any. Therefore, we recommend that you do not disclose your password to anyone. If you lose control of your password, you may lose substantial control over your personal information and may be subject to legally binding actions taken on your behalf.
8. Complaints and Disputes
Platform Users who have any questions, complaints, or disputes regarding this Policy or the manner in which ON24 handles or protects personal information (including any questions or complaint related to ON24’s participation to the DPFs) may contact us at privacy@on24.com. We will promptly investigate and attempt to resolve any complaints and disputes and will respond within 30 days of receiving any such complaint or as may be required by applicable law.
In the event that ON24 fails to respond or its response is insufficient or does not address the concern, ON24 has registered with JAMS to provide independent third-party dispute resolution at no cost to you. To contact JAMS and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint, please visit https://www.jamsadr.com/dpf-dispute-resolution. As further explained in the DPF Principles, binding arbitration is available to address residual complaints not resolved by other means. You may seek to engage in binding arbitration through the EU-U.S. Data Privacy Framework Panel.
9. Changes
ON24 may update this Policy from time-to-time, so please review it frequently.
1O. Contact Us
Inquiries and complaints relating to ON24’s treatment of personal information and its compliance with the DPF Principles may be directed to privacy@on24.com or ON24, Inc., Attn: Privacy, 50 Beale Street, 8th Floor, San Francisco, CA 94105.