ON24 Platform Privacy Policy

 

Last Updated: November 27, 2023

 

ON24, Inc. and its subsidiaries (collectively, “ON24,” “we” or “us”) understand the importance of privacy. This Platform Privacy Policy (this “Policy”) explains how ON24 collects, stores, uses, and shares personal information collected, stored or processed by us through ON24’s Digital Engagement Platform, which includes services related to our Virtual Events, Webinars, Virtual Conferences, Hybrid Capabilities, Content Hubs, and all other ON24 products (collectively, the “Platform”). In this Policy, “personal information” is information that identifies or could be used to identify an individual and is meant to include similar expressions such as “personal data.”

The Platform is a tool used by businesses (including direct customers of ON24 and customers who access the Platform through an ON24 reseller) and their employees, agents and authorized users (the “Clients”) to deliver webinars and other content to registrants, attendees, participants, and other end users (the “End Users”). Collectively, End Users and Clients are “Platform Users”.

ON24 complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce (collectively, the “DPFs”). ON24 has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union (“EU”) in reliance on the EU-U.S. DPF and from the United Kingdom (“UK”) (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. ON24 has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and /or the Swiss-U.S. DPF Principles (collectively, the “DPF Principles”), the DPF Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/. ON24 is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).

1.             Scope

This Policy applies to the personal information that ON24’s Clients submit to us via the Platform, as well as the personal information we collect, access, store, use or otherwise process (collectively, “process”) via the Platform on behalf of Clients, including the Registrant Information, Other Information and User Communications (each defined below), as well as other personal information we process from End Users of the Platform (together the “Platform Data”). This includes ON24’s processing of Platform Data received from Clients located in the European Economic Area (“EEA”), the UK (and Gibraltar), and Switzerland while providing services from the United States (“U.S.”).   

Controller and Responsible Entity

With respect to the Platform Data, ON24 is a “data processor” or “service provider” under applicable data protection laws. As a data processor or service provider, we will only process the Platform Data pursuant to our Client’s instructions, as set forth in our applicable Client agreements, and as otherwise required by applicable data protection laws. This Policy does not apply to the processing of Platform Data, or any other personal information collected via the Platform by Clients, which is subject to their own policies and practices.

For information about how ON24 processes personal information on its website (as opposed to the Platform), please see the ON24 Online Privacy Policy

2.             Data Collected

Information Collected Directly

Account Information. To access various parts of the Platform, and to create webinars and events, you must have an online account. To register for an account on the Platform, our Clients will decide what information they wish to collect but this will usually include your name, email address, telephone number, company name, and other information necessary to confirm that you are an authorized user of a Client (where relevant). Our Clients may also collect additional information such job title, information about your company (such as country and industry sector) and other user profile information such as zip/postal code, and areas of special interest to you. 

End User Information. To access webinars, virtual environments and other events administered by Clients via the Platform as an End User, you may be required to register. While our Clients determine what information to collect from End Users, the requested personal information typically includes name, email address, telephone number, company name and job title as well as information about your company such as country and industry sector.

Other Sites. We may offer services in connection with other websites or suppliers. Personal information that you provide to those sites may be sent to us in order to deliver these services. Different privacy policies may apply to these other sites.

Other Information. Clients may request additional information, like surveys or polls, be filled out in some webinars or virtual environments. Clients are responsible for configuring the Platform to collect such personal information.

Information Collected Automatically

Log Information. When you use the Platform, our servers record, in a server log, information that your browser sends whenever you visit a website. Server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser. This data is used for various reasons, including security and providing the services.

Cookies. The Platform may use cookies or similar technologies depending on the services used by our Clients on the Platform. Please see our Platform Cookie Policy for more information. 

Aggregate and De-Identified Information

ON24 may process (i.e., collect, use and disclose) aggregate de-identified information, and other information that is not personally identifiable, for research, analytics and other purposes, provided such information does not identify, and could not reasonably be used to identify a particular Client or End User. 

3.             Use of Information

ON24 uses the personal information we collect via the Platform to provide our services to Clients, including to operate and improve the Platform and our services, to provision Platform Users’ accounts, to carry out the actions Platform Users request via the Platform, and to respond to Platform Users’ requests. As noted above, ON24 is a data processor of the personal information collected via the Platform. Clients are data controllers with respect to Platform User personal information; this Policy does not apply to the processing (including collection, use and sharing) of Platform User personal information by Clients.

Clients may use the personal information they collect via the Platform for additional purposes, such as to deliver targeted content within the Platform, to contact End Users about their use of the Platform, for marketing and promotional purposes, and for other purpose; you should review their privacy policies for more information about how they collect, use, and share the personal information collected via the Platform.

4.             Sharing of Information; Onward Transfers

As noted, Platform User information, including End User personal information, is shared with the Clients upon whose behalf the information was collected in accordance with their choices or upon whose behalf the Platform is being operated; this Policy does not apply to the processing (including collection, use and sharing) of Platform User personal information by Clients, and we are not responsible for such processing. 

ON24 does not sell or, except as explained below, share personal information collected from Platform Users.

ON24 may share Platform Users’ personal information to parties (including ON24 affiliates) acting as its sub-processors.

Third parties who process personal information on our behalf must agree to use such personal information only for the purpose for which it is provided by us, and they must contractually agree to provide at least the same level of privacy protection as is required by the DPF Principles. ON24 will take reasonable and appropriate steps to ensure that the third parties effectively process the personal information transferred in a manner consistent with ON24’s obligations under the Data Privacy Framework Principles. If the third parties make a determination that it can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles, we require such third parties to notify us. Upon notice, we will take reasonable and appropriate steps to stop and remediate unauthorized processing. ON24 will continue to be liable for any onward transfers of personal information to such third parties. Upon request, we will provide a summary or a representative copy of the relevant privacy provisions of our contract with such third parties to the U.S. Department of Commerce.

We may also disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, as well as where is necessary to satisfy any applicable law, regulation, legal process or enforceable government request, to enforce our  agreements with our Clients and investigate violations thereof, to prevent, detect and address fraud, security or technical issues, or to protect against harm to the rights and property of ON24. 

5.             Accessing, Amending and Limiting Use of Your Personal Information

Individuals have the right to access the personal information that is maintained about them, and in some cases to limit the use and disclosure of such information. Platform Users may log into their accounts to view and amend certain personal information in their profile. California, EEA, UK, Swiss, Brazilian, and Japanese End Users (as well those End Users where applicable law provides for these rights) who would like to request access to, limit use of, delete, or limit disclosure of their personal information (as well as to request correction of personal information where applicable law provides this right)) collected via the Platform by a Client should contact that Client directly. California, EEA, UK, Swiss, Brazilian, Japanese End Users (and those End Users where applicable law provides for this right) may also make such requests by contacting us at dsr@on24.com and providing the name of the Client. We will refer such requests to that Client and will support them as needed in responding to your request.

6.              Security

ON24 takes reasonable and appropriate measures to protect the personal information that it shared with us from unauthorized access or disclosure, including, without limitation, restricting access to certain portions of our website through access controls, encryption tools and using firewalls. Regardless of the precautions taken by us, ON24 cannot ensure or warrant the security of any information you transmit to us, and you transmit such information at your own risk. You are responsible for all actions taken with your user ID and password, if any. Therefore, we recommend that you do not disclose your password to anyone. If you lose control of your password, you may lose substantial control over your personal information and may be subject to legally binding actions taken on your behalf.

8.               Complaints and Disputes

Platform Users who have any questions, complaints, or disputes regarding this Policy or the manner in which ON24 handles or protects personal information (including any questions or complaint related to ON24’s participation to the DPFs) may contact us at privacy@on24.com. We will promptly investigate and attempt to resolve any complaints and disputes and will respond within 30 days of receiving any such complaint or as may be required by applicable law.

In the event that ON24 fails to respond or its response is insufficient or does not address the concern, ON24 has registered with JAMS to provide independent third-party dispute resolution at no cost to you. To contact JAMS and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint, please visit https://www.jamsadr.com/dpf-dispute-resolution. As further explained in the DPF Principles, binding arbitration is available to address residual complaints not resolved by other means. You may seek to engage in binding arbitration through the EU-U.S. Data Privacy Framework Panel.

 

9.            Changes

ON24 may update this Policy from time-to-time, so please review it frequently.

1O.             Contact Us

Inquiries and complaints relating to ON24’s treatment of personal information and its compliance with the DPF Principles may be directed to privacy@on24.com or ON24, Inc., Attn: Privacy, 50 Beale Street, 8th Floor, San Francisco, CA 94105.