< Back to Legal Center

US Data Privacy Framework

Last update: January 10, 2025
Previous update: July 25, 2023
US Data Privacy Framework

Scope

Coveo Software Corp. and its affiliate, Qubit Inc. (“Coveo” or “we”) complies with the EU-US Data Privacy Framework (“EU-US DPF”), the Swiss-US Data Privacy Framework (“Swiss-US DPF”) and the UK Extension to the EU-US DPF as set forth by the U.S. Department of Commerce regarding the collection, use and retention of Customer Personal Data and Personal Data (as defined below) collected by organizations in the European Economic Area (“EEA”), Switzerland and the United Kingdom (“UK”). Coveo has certified to the U.S. Department of Commerce that it adheres to the EU-US DPF Principles, the Swiss-US DPF Principles and the UK Extension to the EU-US DPF (the “Principles”) with respect to such data. If there is a conflict between the terms of this notice and the Principles, the Principles shall govern. For more information on the Data Privacy Framework, including the Principles, please visit this website

Definitions

Cloud Service” means cloud-based services provided by Coveo to its customers pursuant to a written agreement.

Customer Personal Data” means Personal Data that Coveo customers and their authorized users upload and store on the Cloud Service.

Personal Data” means any information that: (a) relates directly or indirectly to a natural person and; (b) that is received by Coveo in the U.S. from the EEA, the UK or Switzerland. 

Personal Data Collected

Coveo collects and uses Customer Personal Data on behalf of its customers and following their written instructions. It also collects Personal Data for other purposes. This includes, but is not limited to: browsing information and cookie information on Coveo’s websites, information submitted to us or received from our business partners in connection with the Cloud Service (which mainly include business contact information and payment and billing information), information regarding our customers’ use and configuration of the Cloud Service. 

Purposes of the processing

We collect and use Customer Personal Data for the purpose of providing or improving the Cloud Service to our customers. We also process Personal Data for other purposes, which include: 

  • handle contact and assistance requests;
  • provide the Cloud Service and related services;
  • send marketing communications;
  • assess new customer or partner opportunities.

Third-party Disclosure

Coveo discloses Customer Personal Data to authorized third-party providers and affiliates in order to help provide the Cloud Service, as set out in the applicable written agreement with its customers. Customer Personal Data may also be disclosed in the following situations:

  • in the event Coveo sells or transfers parts or all of its business or assets in which case Customer Personal Data will be among the assets transferred;
  • to respond to lawful requests by competent authorities (subpoena, court order, governmental or supervisory authority requests);
  • if otherwise required by applicable laws.

Coveo discloses Personal Data with its affiliates, service providers or business partners where it is necessary for the provision of services to Coveo or to perform the purposes described in this notice. Coveo may also share Personal Data where required by law. 

Right to access

Individuals whose Customer Personal Data is collected and processed by Coveo on behalf of its customers and who seek to correct, amend or delete that information where it is unaccurate or has been processed in violation with the Principles should direct their request to the Coveo customer. Coveo will assist its customers in handling your request, where appropriate.

If you wish to exercise your right to access, correct or delete Personal Data, please contact us by using the contact information described below. 

Choice and means

Individuals have the right to choose (i.e., opt-out) whether their Personal Data is: (i) to be disclosed to a third-party; or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. 

In some instances, Coveo will not offer an opportunity to opt-out where the Personal Data is disclosed to a third-party that provides services on behalf and under the instructions of Coveo or when it is required by law or legal process. 

Individuals who wish to limit the use and disclosure of their Customer Personal Data should direct their request to the Coveo customer. 

Dispute resolution

In compliance with the EU-US DPF, the Swiss-US DPF and the UK Extension to the EU-US DPF, Coveo commits to resolve DPF-Principles-related complaints about our compliance with the Principles. EU, Swiss and UK individuals with inquiries or complaints regarding our handling of Personal Data or Customer Personal Data received in reliance on the EU-US DPF, the Swiss-US DPF or the UK Extension to the EU-US DPF should first contact Coveo here or by mail as indicated below. We will respond to your request within 45 days. In compliance with the EU-US DPF, the Swiss-US DPF and the UK Extension to the EU-US DPF, Coveo commits to refer unresolved complaints regarding the above to the US-based JAMS International Mediation Rules, an alternative dispute resolution provider. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit the JAMS complaint form which can be found here. The JAMS Mediation Rules are fully described here. The JAMS services are provided at no cost to you. 

Under certain circumstances, more fully described on the Data Privacy Framework website, you may invoke binding arbitration before the Data Privacy Framework Panel when other dispute resolution procedures have been exhausted.

Investigatory and legally required disclosure

The Federal Trade Commission (FTC) has jurisdiction over Coveo’s compliance with the EU-US DPF, the Swiss-US DPF and the UK Extension to the EU-US DPF. In certain situations, we may be required to disclose your Personal Data or Customer Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.. 

Liability for onward transfers

Coveo remains liable under the Principles if the third-parties to whom it transfers Personal Data or Customer Personal Data processes such information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage. 

Contact Us

If you have any questions regarding our privacy practices or our compliance with the EU-US DPF, the Swiss-US DPF and the UK Extension to the EU-US DPF, please contact us at privacy@coveo.com or by regular mail addressed to:

Coveo Software Corp.

Attn: of the Legal Department

Spaces Levi's Plaza, 1160 Battery St E., Suite 100, San Francisco, CA 94111 United States

You may also contact or European affiliate, Coveo (Europe) B.V. at:

Beech Avenue 54-80 1119 PW Schiphol-Rijk, the Netherlands.

drift close

Hey 👋! Any questions? I can have a teammate jump in on chat right now!

drift bot
1