1. Introduction
This privacy notice (“Notice”) describes how Coveo Solutions, Inc. and its relevant affiliates (“Coveo” or “we” or “us”) collect, use, disclose, transfer, store and otherwise process personal information relating to you (“Personal Information”) in the course of its activities described below.
Coveo as a Service Provider
Coveo provides cloud-based services to its customers pursuant to a written agreement (“Cloud Service”). Our customers and their authorized users upload and store personal information on the Cloud Service (“Customer Personal Information”). Coveo processes Customer Personal Information in its cloud-based solutions on behalf of its customers and only in accordance with their written instructions. Coveo is acting as a “processor” or as a “service provider” with regard to Customer Personal Information. Therefore, this Notice does not apply to Customer Personal Information.
For detailed information related to a Coveo customer using Coveo Cloud Service as a “controller”, you should contact the Coveo customer directly or refer to their privacy notice. In particular, if your Personal Information has been submitted to us on behalf of a Coveo customer and you wish to exercise your rights under applicable privacy laws, please direct your requests to the Coveo customer. If you contact Coveo for these purposes, we are required to inform the relevant Coveo customer of your request (to the extent that we can identify them from the information you have provided).
Supplemental Privacy Notices
We supplement this Notice with the following specific notices:
- Cookie Notice This notice applies in connection with our use of cookies and other tracking technologies.
- Applicant and Candidate Privacy Notice This notice applies when we collect and use Personal Information in connection with our recruitment process.
Table of Contents
We recommend that you read this Notice in full to ensure that you are fully informed about the manner in which we collect and use or otherwise process your Personal Information. You can also refer to a specific section of this Notice by clicking on the relevant link below:
- 2. Personal Information We Collect
- 3. How We Use Your Personal Information
- 4. Cookies and Other Technologies
- 5. With Whom We Disclose Your Personal Information
- 6. How We Protect Your Personal Information
- 7. Retention of Personal Information
- 8. Your Privacy Rights
- 9. International Transfers
- 10. Contacting us
- 11. Modifications to the Notice
- 12. US Privacy Notice
2. Personal Information We Collect
The table below describes the categories of Personal Information that we collect and the situations in which we collect it.
| Situations where we collect Personal Information | Types of Personal Information |
|---|---|
|
If you access or use our websites, digital resources, services, training platforms, emails or other Coveo digital properties (“Resources”). This may include situations where: you request customer support; you act as an authorized user for our Cloud Service and related services (professional services, support, training, customer success); you express an interest in obtaining information regarding our Cloud Service or related services; you are using the “Contact Us” section on our websites; you download content from the Coveo resources center; you join the Coveo connect community or our Partner Portal or community; you contact Coveo for a demo of the Cloud Service, an event, a webinar or any other promotional activity; you use Coveo’s chat; you answer a survey or a questionnaire or you voluntarily provide feedback; you participate in our contests or sweepstakes. |
Contact Information, professional information.
It may include your first and last name or a nickname; your telephone number; your business email address; your job function/title; your country; your organization name; your work location; your bio, and whether or not you are acting on behalf of a current customer. |
| If you join our Coveo community. | Contact information, professional information.
It may include the Contact information described above as well as information (including files) you post on our community , badges and points earned, level of advancement in the community, followers and followings. |
| If you attend an event that we host or where we participate. | Contact information, professional information.
It may include the Contact information described above as well as badge information or your image. |
| Third-party providers from whom we have purchased contact lists or with whom we participate at an event. We may also collect Personal Information from our business partners. | Contact information, professional information. |
| If you visit our offices. | Contact information, professional information. |
| If you visit our Resources, we automatically collect information through the use of cookies and other tracking technologies as described in the Coveo Cookie Notice |
Internet or other electronic network activity information including browsing history, search history and information regarding your interactions with our Resources. This information may include: the amount of time spent on a page, whether you are a unique or repeat visitor, and the pages or features you engage with, your Internet Protocol (IP) addresses and approximate geolocation information, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, and date/time stamp. |
| If you are an authorized user of our customers, we collect information relating to the configuration, the use and the consumption of our Cloud Service. | Internet or other electronic network information including but not limited to, information regarding your interaction with our Cloud Service. This might include information obtained from APIs (Application Programming Interface); information about authorized users such as email addresses, user names, IP addresses (or proxy server information), user identifier, time stamp associated with your usage, browser information, operating system type and version, internet service provider, device identifier, device model, user agent, business function, logs, page and files viewed or aggregated usage information. |
| If you use our training Resources on Coveo Level Up, we may collect usage information. | Internet or other electronic network information, including but not limited to, information regarding your interaction with Coveo Level Up. This may include browsing information, as well as information regarding your use of our training resources (e.g. training completed, time spent on each training item, quiz answers, etc.). |
| If you have a phone conversation, participate in an online meeting, or join a video conference with Coveo (for sales or customer support purposes). | Content of the communication with us. |
| If you are working for a Coveo customer or otherwise a Coveo business partner (i.e. supplier). | Contact information, payment and billing information (such as the billing information of your company). |
| We may use third-party applications when you use our Cloud Service, includingYouTube API Services. You may choose to connect with such third-party applications when you use our Cloud Service. We will process your Personal Information to enable your use of the third-party application through the Cloud Service and in accordance with this Notice. Your use of third-party applications shall also be subject to the third-party’s privacy Notice, such as the Google Privacy Notice. | Contact information. |
| When we are building a profile about your preferences, characteristics or behaviors in relation to our Resources or Cloud Service. | Inferences drawn from any of the above categories of information to create a profile about your preferences. |
3. How We Use Your Personal Information
We generally process your Personal Information for our business purposes that help us fulfill a request or a contractual obligation, promote our services or otherwise conduct our business. Those reasons are called “legitimate interests” in the European Economic Area (“EEA”) and in the United Kingdom (“UK”).
|
Purposes and description |
Legal basis |
|---|---|
|
Handle contact and assistance requests. If you have contacted us for information regarding our Cloud Service and related services, for assistance (technical product support, professional services, customer success or any other type of assistance), for partnerships or for any other information. This includes requests made via the Coveo Connect Community, Coveo Partners Community, or via emails. |
Legitimate interests (perform a contract with your company; fulfill your request and communicate with you) |
|
Operate and maintain our Resources. We process your Personal Information to operate and maintain our Resources and to provide you with the content you access and request. |
Legitimate interests (provide you with content on our Resources). |
|
Improve our Resources This may include: tracking your browsing preferences, performing data analysis on an aggregated form, gathering insight on the effectiveness of our marketing campaigns and advertisements. |
Legitimate interests (provide you with relevant and efficient Resources across your overall user experience). |
|
Provide you with personalized recommendations when you are visiting our Resources. When we use Personal Information for this purpose you may expect to be presented with more engaging and relevant content than without the use of personalization. This implies that we may create a profile about you, based on device and usage information as well as the inferences drawn from those categories, to reflect your preferences. |
Legitimate interests (provide you with relevant and efficient Resources across your user experience) or consent (where required by applicable laws) |
|
Send you communications or updates We may inform you about Coveo’s latest product announcements, software updates, security and technical notices and upcoming events or provide tailored advertising or marketing about us. |
Legitimate interests (perform a contract with your company, send you communications related to your subscription, perform direct marketing activities) or consent (where required by applicable laws) |
|
Assess new customer or partner opportunities. We process your Personal Information, in particular contact information, to identify new customer or partner opportunities, based on our legitimate interests. |
Legitimate interests or consent (where required by applicable laws) |
|
Manage events participation. If you have registered to participate in an event, a contest, a webinar or other marketing or business event, we will process your Personal Information (mainly business contact information). |
Legitimate interest (manage and administer your participation in the event). |
|
Operational and security purposes. We may process your Personal information to detect and prevent fraud or bugs on our Resources and Cloud Service or to enhance the efficiency of our resources and Cloud Service operations to the extent necessary for our legitimate purposes. |
Legitimate interests (operate and maintain the security of our Cloud Service and Resources, network and information security; perform a contract with your company). |
|
Request your feedback. We might process your Personal Information to collect your feedback on your use of the Resources, Cloud Service or related services. |
Legitimate interests or consent (where required by applicable laws). |
|
Training, quality assurance or administration purposes. We may process your Personal Information, including recording phone calls for those purposes. |
Legitimate interests (maintain high quality in the services provided to our users) or consent (where required by applicable laws). |
|
Manage customer and user accounts We may process your Personal Information to collect and perform payments, to communicate with you or otherwise for customer or partner relationship management. |
Legitimate interests (perform a contract with your company) |
|
Comply with legal obligations. We process your Personal Information to cooperate with government authorities or competent courts, to respond to lawful requests, to communicate with you where required by laws or for auditing purposes. |
Legal obligations. |
|
Corporate transactions. This may include sales, mergers, acquisitions, reorganizations, bankruptcy and other corporate events. |
Legitimate interests or legal obligations. |
|
Other legitimate business purposes. This may include situations where we analyze trends on the use of our Resources or our Cloud Service, based on aggregated usage information, or ensure that we meet the demands of our customers. |
Legitimate interests. |
|
When you agree to have your Personal Information collected and processed. Your Personal Information will then be used for one or more of the above purposes. There may also be situations where you have provided Personal Information for one purpose and we later need to use this information for a secondary purpose. In such instance, we will seek your consent where required by applicable laws. |
Consent (where required by applicable laws). |
Artificial intelligence (“AI”) capabilities. Our processing of Personal Information for the purposes and legal basis described in the table above also include the use of automated methods of processing, including profiling (including artificial intelligence and generative intelligence capabilities), which may be used to analyze your Personal Information, determine trends or create AI-generated answers or other content. For example, we may use AI capabilities to streamline processes and improve efficiency, such as generating summary transcripts of conversations. These tools are only used to assist our teams, and all decisions are thoroughly reviewed under human oversight to ensure accuracy and fairness.
4. Cookies and Other Technologies
Coveo’s websites may use “cookies” and other technologies. For more information about those technologies, please visit our Cookie Notice
5. With Whom We Disclose Your Personal Information
We only disclose and share your Personal Information as follows:
With affiliates. Coveo is headquartered in Canada and has affiliates located all over the world, which includes Canada, the United States (“US”), the EEA and the UK In order to conduct our business activities described in Section 2, Coveo may share your Personal Information with its affiliates. In such instances, Coveo ensures an adequate level of protection for Personal Information.
With service providers. Coveo discloses your Personal Information with service providers with whom it has contracted in order to provide services on behalf of Coveo. These providers will access and process your Personal Information only as instructed by Coveo. This may include customer relationship management, marketing purposes, billing purposes, data analysis, information security, technical support, customer services or any other business purpose described in this Notice.
With business partners. From time to time, Coveo may partner with other companies to support its business. This may include resellers, referral partners,social networks or event sponsors. In such instances, your Personal Information will be processed separately by those partners and will be subject to the respective partner’s or sponsor’s privacy Notice. For instance, if you purchase or specifically express interest in a jointly-offered product, promotion or service from Coveo, if you attend an event or webinar, Coveo may share Personal Information about you collected in connection with your purchase or expression of interest with our joint partner(s). Coveo does not control its business partners’ use of your Personal Information, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may choose not to purchase or specifically express interest in a jointly offered product or services.
With Advertising and analytics partners. We may share your information collected through the use of cookies and other tracking technologies with advertising and analytics networks or technology providers as set forth in our Cookie Notice.
With Professional advisers. In some instances, we may share your Personal Information with professional advisers including lawyers, bankers, auditors or accountants.
Where required by laws. Coveo may share your Personal Information where it believes in good faith that it is necessary to respond to lawful requests, to protect its rights and property, to protect the interests of its customers or to enforce the terms of its terms of use.
Where necessary for business transaction purposes. If Coveo goes through a merger, an acquisition, a sale of all or a portion of its assets, your Personal Information may be included in the assets involved in the transfer.
6. How We Protect Your Personal Information
Coveo takes technical, physical and organisational measures to safeguard your Personal Information. These safeguards are designed to prevent the loss, theft, unauthorized access, use, disclosure, alteration or destruction of your Personal Information and are commensurate to the sensitivity of the information.
For instance, Coveo ensures that its personnel processing Personal Information is bound by appropriate obligations of privacy and confidentiality and access to Personal Information by Coveo personnel is performed on a need-to-know basis.
7. Retention of Personal Information
Coveo will retain your Personal Information for the period necessary to fulfil the purpose for which it was intended, as outlined in this Notice unless a longer period is required by law.
8. Your Privacy Rights
You may have certain rights relating to your Personal Information, subject to domestic data privacy laws. This may include:
- the right to access and receive a copy of your Personal Information, or specific pieces of Personal Information, in a readable format;
- the right to know the categories of sources from which your Personal Information was collected;
- the right to know the categories of third-parties with whom your Personal Information was shared;
- the right to rectify inaccurate or outdated Personal Information we hold about you and to ensure that it is complete;
- the right to erase your Personal Information, under specific circumstances;
- the right to restrict the processing of your Personal Information;
- the right to ask us to transfer your Personal Information to another controller, when technically feasible, in a format commonly used;
- the right to object to the processing of your Personal Information, when the processing of your Personal Information is based on our legitimate interests or when used for direct marketing purposes. In particular, if you do not want to be on our mailing list, you can opt out anytime here;
- the right to opt-out of certain disclosures of your Personal Information to third-parties;
- the right not to be subject to a decision based solely an automated decision-making, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision Making”) ; and
- the right to lodge a complaint before a regulator or a supervisory authority about our processing of your Personal Information.
In order to exercise your rights with regard to your Personal Information in our possession, please contact privacy@coveo.com. Coveo will treat your request in accordance with applicable domestic laws.
Coveo will not discriminate against you for exercising your rights described above or offer you financial incentives related to the use of your Personal Information.
9. International Transfers
Coveo has facilities and employees in different countries around the world. This includes Canada, the EEA, the UK and the US. We may also partner with third parties located or that host your Personal Information on our behalf outside of your state or province in order to conduct our business. For instance, most of our service providers host your Personal Information in the US. Therefore, your Personal Information may be transferred and/or accessed outside your country or province of residence. When we send your Personal Information across borders, we will process it only for the purposes outlined in this Notice and we will take steps to ensure that your Personal Information is adequately protected abroad.
Coveo relies on appropriate transfer mechanisms when transferring your Personal Information from the EEA, the UK or Switzerland to a third country. Please visit this page for more information.
Coveo also abides by the EU-US, Swiss-US Data Privacy Framework and the UK extension to the EU-US Data Privacy Framework . Please visit this page for more information.
10. Contacting us
If you have any questions about this Notice or Coveo’s privacy practices, please contact our Data Protection Officer (“DPO”) or our EU representative by clicking here or by mailing Coveo Privacy at:
- Coveo, Software Corp., Spaces Levi's Plaza, 1160 Battery Street East, Suites 100, San Francisco, CA, 94111, United States, if you reside in the United States of America, Mexico or a country in Central or South America or the Caribbean;
- Coveo Solutions, Inc., 1100 Av. des Canadiens-de-Montréal Suite #401, Montréal, QC H3B 2S2, Canada, if you reside in Canada, a Country in Asia or the Pacific region;
- Coveo (Europe) B.V., Beech Avenue, 54-80 1119 PW, Schiphol-Rijk, the Netherlands, if you reside in a country in Europe, the Middle East or Africa.
11. Modifications to the Notice
Coveo may update this Notice from time to time in order to reflect changing practices or requirements of applicable privacy laws. The legend at the top indicates when this Notice was last revised. We encourage you to regularly review this Notice to stay informed of Coveo’s processing of your Personal Information.
12. US Privacy Notice
Some U.S. States laws, including the California Consumer Privacy Act (“CCPA”), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring and the Utah Consumer Privacy Act require additional disclosure for their residents. This section solely applies to individuals residing in certain U.S. States.
Coveo collects Personal Information from different sources, as set forth in Section 2.
Coveo shares Personal Information with service providers or business partners with whom we have signed an agreement regarding the use of your Personal Information.
The table below describes what categories of Personal Information we collect about you and to whom we disclose such Personal Information. For reference, Sections 2 and 5 also provide such information.
|
Categories of Personal Information we collect |
Categories of third parties to whom we disclose Personal Information for a business purpose |
|---|---|
|
Identifiers (e.g. name, alias, postal address, unique personal identifier, email address, IP address, online identifier, account name). |
|
|
professional or employment-related Information (e.g. name of your employer, position, office location, presentations, testimonials in connection with our business activities). |
|
|
Commercial information (e.g. transaction information, financial details and payment information). |
|
|
Approximate location information (e.g. IP address, city, country). |
|
|
Internet or other electronic network activity information (browsing history, search history, information regarding your interaction with our websites or Cloud Service). |
|
|
Audio, electronic, visual and similar information, such as images and audio, video or call recordings created in connection with our business activities. |
|
|
Inferences drawn from any of the above categories of information to create a profile about a consumer’s preferences, characteristics or behaviors in relation to our Resources or Cloud Service. |
Coveo does not sell or share Personal Information for monetary consideration. We engage in routine business practices with business partners that may be considered a “sell” or “sharing” to third parties as defined under the CCPA and as described in the table below:
|
Categories of Personal Information collected |
Categories of third party recipients |
|---|---|
|
Identifiers (e.g. name, alias, postal address, unique personal identifier, email address, IP address, online identifier, account name) Internet or other electronic network activity information (browsing history, search history, information regarding your interaction with our websites or Cloud Service). Approximate location information (e.g. IP address, city, country); |
Advertising and analytics partners, as set forth in our Cookie Notice |
Coveo uses Personal Information for the purposes described in Section 3.
For information regarding the exercise of your rights, you can refer to Section 8 of this Notice. You may use an authorized agent to submit a consumer request on your behalf in which case Coveo will require a copy of your written authorization to submit the request on your behalf.
As a U.S. resident, you also have a right to opt-out of the sale or sharing of your Personal Information. You may opt-out of the sharing of Personal Information by:
- selecting the option to opt-out of the use of cookies in the cookie settings banner;
- turning on a Global Privacy Control in your web browser or browser extension. For more information on valid Global Privacy Controls, please refer to this website: https://oag.ca.gov/privacy/ccpa.
- clicking on the “unsubscribe” link at the bottom of a Coveo commercial message;
- opt-out of the use of your email address here.
- sending an opt-out request to privacy@coveo.com.
