Callidus Software Inc., together with its affiliates, subsidiaries, and parent company SAP (collectively, “CallidusCloud,” “CallidusCloud Group,” “we,” or “us”) provides cloud-based sales, marketing, learning, and customer experience solutions.
CallidusCloud is committed to protecting your privacy and the personal information collected and processed about you.
About this policy
This is the Privacy and Cookies Policy ("Policy") for the websites operated by or on behalf of CallidusCloud and hosted at https://www.calliduscloud.com/; http://www.clicktools.com/; https://datahug.com/; www.litmos.com; www.bridgefront.com; www.learningseat.com.au; www.litmosheroes.com; www.viewcentral.com (“CallidusCloud’s Websites”).
This Policy also describes how we collect information about you, what we do with that information, and also what controls you have over that information in relation to your use of our Site and Services.
By visiting and using CallidusCloud’s website, mobile site, and/or applications (together, the "Site") or using our Services, you acknowledge you have read and understood this Policy.
For the purposes of European Economic Area data protection law (the "Data Protection Law"), this Policy applies to the information collected by Callidus Software Inc., and any of their respective affiliate entities (the “CallidusCloud Group”). The CallidusCloud Group’s data protection officer is Drew Grasham, contactable at email@example.com.
Throughout this Policy we use ‘plain English’ summaries which are intended to give you guidance about what each section is about. Please click the link below to learn more about:
1. How we collect your information
2. How we use your information
4. Sharing your information
5. Public Forums, Refer a Friend, and Customer Testimonials
7. Transfer of information overseas
8. Privacy Shield
10. Your Rights
11. Linked sites and advertisements
13. How you can access and update your information
14. Changes to this Policy
15. How to contact us
1. How we collect your information:
This section gives you more information about what information we collect about you and how we collect it, whether we collect it directly from you or other sources.
How we collect and store information depends on the Site you visit, the activities in which you participate, and the Services you use. You can use some of the Services without providing any information, although several categories of information are automatically collected from you when you use the Services via the Site.
When using the Services, we may collect and process the following information about you:
Information provided directly by you
- Information (such as your name, company name, email address, postal address, telephone number and other contact details that you provide by completing forms on the Site or using the Service, including information about you if you register as a user of the Site or subscribe to a Service, information about you that you upload or submit to the Site or Service, or information you provide to us when requesting information or material from us;
- Information and other details of any transactions made by you through the Site including but not limited to financial and billing information, including account numbers, billing name and address, birth year, credit card number, the total number of employees within the organization that will be using the Services and other financial-related information (“Billing Information”) provided by you when making transactions through the Site or when using our Services;
- Information contained in communications you send to us, for example to report a problem or to submit queries, concerns or comments regarding the Site (or its content) or the Services;
- Information from surveys that we may, from time to time, conduct on the Site that you respond to or participate in;
- Information from any employment materials you send us, for example, a CV, resumé or other details of your employment history; or
- Other additional information that you provide to us when attending our corporate events.
Information that we may collect from you when you use our Site
We may automatically collect certain information about the computer or other devices that you use to access the Site or use the Services, including mobile devices, through commonly-used information-gathering tools, such as cookies and web beacons (see our Cookies section here).
We may also collect information when you access the Site or use our Services such as: (i) location information (as described in the next section below), unique device identifiers and other information about your mobile phone or other mobile device(s) such as your Internet Protocol ("IP") address, browser types, browser language, operating system, the state or country from which you accessed the Services; and (ii) information related to the ways in which you interact with the Services, such as referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, error logs, and other similar information. If you do not want to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device; provided your device allows you to do this.
We may aggregate and/or de-identify information collected by the use of the Site or the Services so that the information is not intended to identify you. This Policy does not restrict our use or disclosure of aggregated and/or de-identified information.
Information about you collected from third parties
We may process your personal information that we have either obtained from you, or obtained from somewhere else. Personal information which is not collected directly from you may be collected:
- From your employer in connection with your job and how it relates to us.
- If you use any Site operated by us.
- From third parties we work closely with (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, and search information providers). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
If you access the Site or use the Services through a third-party connection or log-in, you authorize CallidusCloud to collect, store, and use, in accordance with this Policy, any and all information available to CallidusCloud through the third-party interface.
2. How we use your information:
Information is collected for the purposes stated in this Policy and will not be further processed in a manner that is incompatible with those purposes.
We will collect and use your information as described in this Policy and as permitted by applicable laws, including in circumstances where it is necessary: (i) to provide or fulfil Services requested by or for you; (ii) for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract; (iii) for compliance with a legal obligation to which we are a subject; (iv) to pursue our legitimate interests; or (v) where you have given us your express consent.
We collect and use your information for the following purposes:
- To perform the Services requested by you. For example, if you fill out a “Contact Me” web form, we will use the information provided to contact you about your interest in the Services. This data processing is necessary to provide or fulfil a service requested by or for you.
- To plan and host events. For example, corporate events, host online forums and social networks in which event attendees may participate, and populate online profiles in relation to the Services. This data processing is necessary to provide or fulfil a service requested by or for you.
- For marketing purposes. For example, we may use your information to further discuss your interest in the Services and to send you information regarding CallidusCloud and our group companies and our partners such as information about promotions, events, products or services. We will only send you marketing communications and updates about our products, services and events with your prior consent, where required by law or otherwise in our legitimate interests provided these interests do not override your right to object to such communications. You can withdraw your consent at any time.
You can object to further marketing at any time by checking and updating your contact details within your account, or/and selecting the “unsubscribe” link located on the bottom of CallidusCloud’s marketing emails. Additionally, you may send a request to firstname.lastname@example.org.
You have the right to contact us at any time to object to the further processing of your information for the purposes of direct marketing to you, including any profiling related to such marketing.
- For financial and payment purposes. For example, for checking financial qualifications and collect payment from you, where applicable. This data processing is necessary to provide or fulfil a service requested by or for you.
- For operating and improving CallidusCloud’s Site and your customer experience. For example, we may collect and analyze data on your use of our website and process it for the purpose of improving our online customer experience. Data collected could include data about your device, such as unique device identifiers, information about your mobile phone or other mobile device(s), browser types, browser language, operating system, and the state or country from which you accessed the Services. Data collected could also include information related to the ways in which you interact with the Services, such as referring and exit pages and URLs, platform type, the number of clicks and domain names. This data allows us to understand our customers, their interaction with our website and improve our website to better serve our customers. We may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information. Data processing for analytical and operational improvement purposes is a legitimate business interest.
- For security purposes. For example, we may use your data to protect CallidusCloud and its third parties against security breaches and to prevent fraud and violation of CallidusCloud’s applicable agreements. Data processing for security purposes is a legitimate business interest.
- For hosting purposes. For example, if you are our customer, we may collect and host your data to provide Services to you. If your employer is our customer, we may process your data in accordance with providing Services to them. However, we will not review, share, distribute, or reference any such data except as provided in a services agreement between us and our customer, or as may be required by law. Data processing for the purpose of hosting our Services is a legitimate business interest.
- For customizing the Services with location-based information, advertising, and features. For example, if location-tracking on your mobile device shows you are close to a Callidus corporate event, we may reach out to you and let you know you should visit our nearby event. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this. This data processing is necessary to provide or fulfil a service requested by or for you, and can be disabled by you. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this.
- Protection of CallidusCloud and Others. For example, we may disclose your information to: (i) comply with legal obligations; (ii) enforce any agreements that you entered into with us; (iii) respond to claims that any content violates the rights of third parties; (iv) respond to your requests for customer service; and/or (v) the extent necessary for the purposes of the legitimate interests pursued by us or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subjects. We may also disclose information to law enforcement agencies in emergency circumstances, where the disclosure of such information is consistent with the types of emergency disclosures permitted or required by law. This is data processing for compliance with a legal obligation.
- Business Transfers. For example, we reserve the right to disclose and transfer all of your information, to a successor (or potential successor) company in connection with a merger, acquisition, or sale of all, or components, of our business, or in connection with due diligence associated with any such transaction. Data processing for this purpose is a legitimate business interest.
We use this information to ensure the proper functioning and security of our Site and Services and to optimize our Site or Services.
How do we collect cookies and other technologies
What types of cookies do we use?
Third party cookies
We also allow other third parties (e.g., ad networks and ad servers) to serve tailored ads to you on the Services, and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Site or use the Services.
Session and persistent cookies
We use both session cookies and persistent cookies. A session cookie is used to identify a particular visit to our site. These cookies expire after a short time, or when you close your web browser after using our Services. We use these cookies to identify you during a single browsing session. A persistent cookie will remain on your devices for a set period of time specified in the cookie. We use these cookies where we need to identify you over a longer period of time. For example, we would use a persistent cookie if you asked that we keep you signed in. Another type of cookies is Flash cookies, which are stored with your Adobe Flash Player files and help in the viewing of content that uses the Adobe Flash player.
We use these cookies and other technologies on the basis that they are necessary for the performance of a contract with you, or because using them is in our legitimate interests (where we have considered that these are not overridden by your rights), and, in some cases, where required by law, where you have consented to their use
- Authentication and Security: To log you into the Services; to protect your security; and to help us detect and fight spam, abuse, and other activities that violate CallidusCloud’s Website Terms and Conditions, which can be found here. For example, these technologies help authenticate your access to the Services and prevent unauthorized parties from accessing your account. They also let us show you appropriate content through the Services.
- Preferences: To remember information about your browser and your preferences; and to remember your settings and other choices you have made.
- Analytics and Research: To help us better understand how people use our Services, we work with a number of analytics partners, including Google Analytics; and to help us improve and understand how people use the Services. For example, cookies help us test different versions of our Services to see which particular features or content users prefer. We may include web beacons in e-mail messages or newsletters to determine whether the message has been opened and for other analytics. We might also optimize and improve your experience using the Services by using cookies to see how you interact with the Services, such as when and how often you use them and what links you click on. To find out more about how Google uses data when you visit a website that uses Google Analytics, please visit https://www.google.com/policies/privacy/partners/.
- Personalized Content: To customize the Services with more relevant content.
For more information about targeting and advertising cookies and how you can opt out, you can visit http://youronlinechoices.eu or www.allaboutcookies.org/manage-cookies/index.html. Please note that to the extent advertising technology is integrated into the Services, you may still receive advertisements even if you opt out of tailored advertising. In that case, the ads will not be tailored to your interests.
Where are cookies and similar technologies used? We use these technologies on the Services, including our Site. We do not release the information collected from our own cookies to any third parties, other than to our service providers who assist us in providing the Services and only in accordance with this Policy.
You may receive tailored advertising on your computer or mobile device through a web browser. If you are interested in more information about tailored browser advertising and how you can generally control cookies, you may visit the Network Advertising Initiative’s Consumer Opt-Out Link, the Digital Advertising Alliance’s Consumer Opt-Out Link, or the European Interactive Digital Advertising Alliance, “Your Online Choices” page to opt out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for Display Advertising or customize Google Display Network ads, you can visit the Google Ads Settings page. Please note that, to the extent advertising technology is integrated into the Services, you may still receive advertisements even if you opt out of tailored advertising. In that case, the ads will just not be tailored to your interests. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.
4. Sharing your information:
You have the right to know who we share your information with.
We may share your information with:
- Our agents, partners or contractors who assist us in providing the Services we offer through our Site. The assistance provided by our agents, partners or contractors may be related to our marketing activities such as: updating marketing lists, data analytics, advertising, market research, participation in a contest or sweepstakes, and receiving and sending communications. Transactional assistance may also be provided by our agents, partners or contractors, including: processing transactions, fulfilling requests for information, billing, sales execution, and fulfilment of orders. Other support services provided may include: data storage, transfer, analysis and processing, legal services, providing IT, and in other tasks as requested, from time to time. Our agents, partners and contractors will only use your information to the extent necessary to perform their functions under this Policy and are subject to contractual restrictions prohibiting them from using your information for any other purpose.
- We may use third-party web analytics services such as Google Analytics. These service providers use your information to help us analyze how users use the Services, including by noting the third-party website from which you arrive. The information collected by the technology (including your IP address) will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services. We also use Google Analytics for certain purposes related to advertising, as described in the following section. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser Add-On.
- To receive a list of the agents, partners or contractors assisting us in the processing of your information please send your request to email@example.com. This list may change and will be updated from time to time.
- From time to time, CallidusCloud may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly-offered product or service from CallidusCloud, CallidusCloud may share information about you collected in connection with your purchase or expression of interest with our joint promotion partner(s). If you do not want your information to be shared in this manner, you may email firstname.lastname@example.org. However, we do not control our business partners’ use of the information that we share with them about you that we collect, and their use of the information will be in accordance with their own privacy policies.
- Data About Attendees: CallidusCloud does not share Data About Attendees with business partners unless: (i) you specifically opt in to such sharing via an event registration form; or (ii) you attend a CallidusCloud event and have your attendee badge scanned by a business partner. If you do not want your information to be shared, you may email email@example.com. If you choose to share your information with business partners in the manners described above, your information will be subject to the business partners’ respective privacy policies.
- To protect CallidusCloud and Others: We may disclose any of your information to: (i) comply with legal process; (ii) enforce any agreements that you entered into with us; (iii) respond to claims that any content violates the rights of third parties; (iv) respond to your requests for customer service; and/or (v) the extent necessary for the purposes of the legitimate interests pursued by us or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subjects. We may also disclose information to law enforcement agencies in emergency circumstances, where the disclosure of such information is consistent with the types of emergency disclosures permitted or required by law.
- Business Transfers: We reserve the right to disclose and transfer all of your information, including, without limitation, your information, to a successor (or potential successor) company in connection with a merger, acquisition, or sale of all, or components, of our business, or in connection with due diligence associated with any such transaction.
- California Do Not Track Disclosure. We are committed to providing you with meaningful choices about the information collected on the Services that is shared with third parties, and that is why we provide the opt-out choices set forth in this Policy. However, we do not recognize or respond to browser-initiated Do Not Track (“DNT”) signals, in part because no common industry standard for DNT has been adopted by industry groups, technology companies, or regulators, nor is there a consistent standard of interpreting user intent. We take privacy and meaningful choice seriously and will make efforts to continue to monitor developments in these areas.
5. Public Forums, Refer a Friend, and Customer Testimonials
We may provide bulletin boards, blogs, or chat rooms through the Services. Any information you submit in such a forum may be read, collected, or used by others who visit these forums. We are not responsible for the information you choose to submit in these forums. We are not responsible for the privacy policies or the content of such sites.
You may elect to use our referral program to inform friends about the Services. When using the referral program, CallidusCloud requests the friend’s name and email address. CallidusCloud will automatically send the friend a one-time email inviting him or her to visit CallidusCloud’s websites. CallidusCloud does not store this information.
CallidusCloud posts a list of customers and testimonials on CallidusCloud’s websites that contain information such as the names and titles. CallidusCloud obtains the consent of the individuals concerned prior to posting such information or testimonials.
We have appropriate physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access and maintain data security of, and to use correctly, the information we collect online. These safeguards vary based on the sensitivity of the information that we collect and store.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using TLS 1.1 or higher. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Transfer of information overseas
You have the right to know if and where your information may be transferred. This section provides information on the existence of transfers of your information by us.
The personal information about you that we collect is sent to and stored on secure servers located as noted below or in the systems of the third parties that we use, where applicable. Such storage is necessary in order to process the information.
CallidusCloud Server locations include:
Sacramento, CA - US
Ashburn, VA - US
Chicago IL - US
Some Personal information may be transferred by us to the third parties mentioned in the circumstances described above (see Sharing your information), which may be situated outside the European Economic Area (EEA) and may be processed by our staff operating outside the EEA.
Standard Contractual Clauses
We will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism which may include by entering into EC approved standard contractual clauses relevant to transfers of personal information (see http://ec.europa.eu/justice/dataprotection/internationaltransfers/transfer/index_en.html) and that it is treated securely and in accordance with this Policy.
8. Transfer of information to the United States: Privacy Shield
CallidusCloud has self-certified under the EU-U.S. Privacy Shield framework set forth by the U.S. Department of Commerce and the European Union. For more information on the EU–U.S. Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website at please visit https://www.privacyshield.gov/
Adhesion to the Privacy Shield Framework
CallidusCloud, Inc. has certified to the U.S. Department of Commerce that it adheres to the privacy Shield Principles. We comply with the EU-U.S Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States, respectively.
Accountability for onward transfers
We are responsible and remain liable for the processing of personal information we receive, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal information from the EU, including the onward transfer liability provisions.
With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Right of access
You have a legal right to request the personal information about you held by us. On request, we will provide you with a copy of this information. You also have a right to correct, amend or delete such personal information where it is inaccurate or has been processed in violation of data protection laws and Privacy Shield Principles.
Resolution of Privacy Shield queries and complaint mechanism
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. If you have any inquiries or complaints regarding our Privacy Shield policy you should first contact us at firstname.lastname@example.org
We have further committed to refer unresolved Privacy Shield complaints to JAMS. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield or to file a complaint visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. The services of JAMS are provided at no cost to you. As further explained in the Privacy Shield Principles, a binding arbitration option may also be made available to you in order to address residual complaints not resolved by any other means.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We may be required to share your personal information, including the disclosure of EU personal information, to public authorities and law enforcement agencies in response to lawful requests, including requests to meet national security and law enforcement requirements.
This section explains how long we will retain your personal information for following termination of our commercial relationship and the reasons for retention.
We will only keep your information as long as it remains necessary for the identified purpose(s) for which it was originally collected and for up to eight (8) years afterwards or otherwise permitted by local laws, or as required for our business operations or by applicable laws.
We may need to retain certain personal information even once a customer account has been closed or deleted to enforce our terms, for fraud prevention, to identify, issue or resolve legal claims and/or for proper record keeping purposes. We may also retain a record of any stated objection by you to receiving our updates for the purpose of ensuring we can continue to respect your wishes and not contact you further. For example, if you request to stop receiving emails from us, we will retain your email address for use on an email “suppression list” to ensure you do not receive further emails, as requested.
All retained information will remain subject to the terms of this Policy. If you request that your name be removed from our databases, it may not be possible to completely delete all your information due to technological and legal constraints.
10. Your Rights:
This section provides details about your rights in relation to your personal information.
You may ask us to:
- Access all the personal information about you held by us, including where applicable, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. On request, we will provide you with a copy of this information. Where a request is manifestly unfounded or excessive (for example, because it is repetitive) we reserve the right to charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested. You can exercise your right of access to your personal information:
Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested.
- Correct or erase your personal information where appropriate. Please note, you may review and update certain user profile information by logging in, as applicable, to the relevant portions of the Services where such information may be updated;
- Restrict the processing of your personal information whilst we investigate your concern;
- Where your processing is based on your consent, you have a right to receive your information in a commonly used electronic format or ask we move the data in that format to another provider where your request relates to the data that you gave us direct and where technically possible (data portability);
- Object to the further processing of your personal data, including the right to object to marketing (as mentioned in 'Our marketing’ section);
- Request that your provided personal data be moved to a third party;
- You may opt out at any time from allowing further access by us to your location data by exiting the site. You can also stop all information collection by un-installing the App. You may use the standard un-install processes as may be available for your mobile device.; and
- Withdraw your consent at any time when the processing relies upon consent. You can also change your marketing preferences at any time as described in 'Our marketing' section;
If you remain unhappy with a response you receive you can also refer the matter to your data protection supervisory authority (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm).
11. Linked sites and advertisements
The Site or Services may contain links to third-party websites. We are not responsible for the privacy practices or the content of those third-party websites. Any information you provide via those services is subject to the applicable third party privacy policies and is not covered by this Policy.
Our Sites and Services do not target and are not intended to attract children under the age of 16. CallidusCloud does not knowingly solicit personal information from children under the age of 16. Should we learn or be notified that we have collected information from users under the age of 16, we will immediately delete such personal information. If you are under 16 in your country of residence, please ask your parent or guardian to provide their information for you.
13. How you can access and update your information
You may review and update certain user profile information by logging in, as applicable, to the relevant portions of the Site or Services where such information may be updated, or by contacting email@example.com.
14. Changes to this Policy
CallidusCloud reserves the right to change this Policy from time to time. Please check this page periodically for changes. If we make any material changes to this Policy we will notify you before they take effect either through the Site or by sending you a notification. Any such material changes will only apply to personal information collected after the revised Policy took effect.
15. Contact us
Have additional privacy questions or need further info? This section is about how to contact us.
If you have any questions, comments, or concerns regarding this Policy or CallidusCloud’s privacy practices, they may be submitted via email to firstname.lastname@example.org, or in writing by addressing your inquiries to:
Callidus Software Inc.
4140 Dublin Blvd., Suite 400
Dublin, CA 94568
Drew Grasham, DPO
This Policy was last modified on August 18, 2018.