On July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-US Privacy Shield mechanism on the ground that it does not ensure guarantees essentially equivalent to those required by the GDPR and the Charter of Fundamental Rights of the European union for a transfer from the European Economic Area (“EEA”) to a third country. The Federal Data Protection and Information Commissioner of Switzerland issued a similar opinion. For more information, please refer to the Privacy Shield website.
Therefore, Coveo Software Corp. and its affiliate, Qubit Inc. (“Coveo” or “we”) do not rely on the Privacy Shield Framework as a transfer mechanism pursuant to the GDPR but continue to abide by its principles, as described below.
Scope.
Coveo abides by the Privacy Shield frameworks set forth by the U.S. Department of Commerce regarding the collection, use and retention of Customer Personal Data and Personal Data (as defined below) collected by organizations in the European Economic Area (“EEA”), the United Kingdom (“UK”) and Switzerland (“Privacy Shield”). Coveo has certified that it adheres to the Privacy Shield principles (the “Principles”). If there is a conflict between the terms of this policy and the Principles, the Principles shall govern. For more information on the Privacy Shield, including the Principles, please visit this website.
Definitions.
“Cloud Service” means cloud-based services provided by Coveo to its customers pursuant to a written agreement.
“Customer Personal Data” means Personal Data that Coveo customers and their authorized users upload and store on the Cloud Service.
“Personal Data” means any information that: (a) relates directly or indirectly to a natural person and; (b) that is received by Coveo in the U.S. from the EEA, the UK or Switzerland.
Personal Data Collected.
Coveo collects and uses Customer Personal Data on behalf of its customers and following their written instructions. It also collects Personal Data for other purposes. This includes, but is not limited to: browsing information and cookie information on Coveo’s websites, information submitted to us or received from our business partners in connection with the Cloud Service (which mainly include business contact information and payment and billing information), information regarding our customers’ use and configuration of the Cloud Service.
Purposes of the processing.
We collect and use Customer Personal Data for the purpose of providing or improving the Cloud Service to our customers. We also process Personal Data for other purposes, which include:
- handle contact and assistance requests;
- provide the Cloud Service and related services;
- send marketing communications;
- assess new customer or partner opportunities.
Third-party Disclosure.
Coveo discloses Customer Personal Data to authorized third-party providers and affiliates in order to help provide the Cloud Service, as set out in the applicable written agreement with its customers. Customer Personal Data may also be disclosed in the following situations:
- in the event Coveo sells or transfers parts or all of its business or assets in which case Customer Personal Data will be among the assets transferred;
- to respond to lawful requests by competent authorities (subpoena, court order, governmental or supervisory authority requests);
- if otherwise required by applicable laws.
Coveo discloses Personal Data with its affiliates, service providers or business partners where it is necessary for the provision of services to Coveo or to perform the purposes described in this notice. Coveo may also share Personal Data where required by law.
Right to access.
Individuals whose Customer Personal Data is collected and processed by Coveo on behalf of its customers and who seek to correct, amend or delete that information where it is unaccurate or has been processed in violation with the Principles should direct their request to the Coveo customer. Coveo will assist its customers in handling your request, where appropriate.
If you wish to exercise your right to access, correct or delete Personal Data, please contact us by using the contact information described below.
Choice and means.
Coveo offers individuals the opportunity to choose whether their Personal Data is: (i) to be disclosed to a third-party; or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals.
In some instances, Coveo will not offer an opportunity to opt-out where the Personal Data is disclosed to a third-party that provides services on behalf and under the instructions of Coveo or when it is required by law or legal process.
Individuals who wish to limit the use and disclosure of their Customer Personal Data should direct their request to the Coveo customer.
Dispute resolution.
Please contact us here or by mail as indicated below if you have any inquiries or complaints regarding Coveo’s compliance with the Principles. If your complaint regarding Coveo’s Privacy Shield compliance is not resolved by contacting us, you may seek resolution via the JAMS International Mediation Rules at no cost to you The JAMS complaint form can be found here. The JAMS Mediation Rules are fully described here.
Under certain circumstances, more fully described on the Privacy Shield website, you may invoke binding arbitration before the Privacy Shield Panel when other dispute resolution procedures have been exhausted.
Investigatory and legally required disclosure.
Coveo is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), the Department of Transportation or any other U.S authorized statutory body. In certain situations, we may be required to disclose your Personal Data or Customer Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Liability for onward transfers.
Coveo remains liable under the Principles if the third-parties to whom it transfers Personal Data or Customer Personal Data processes such information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
Contact Us
If you have any questions regarding our privacy practices or our compliance with the Privacy Shield Framework, please contact us at privacy[@]coveo.com or by regular mail addressed to:
Coveo Software Corp.
Attn: of the Legal Department
Spaces Levi's Plaza, 1160 Battery St E., Suite 100, San Francisco, CA 94111 United States
You may also contact or European affiliate, Coveo (Europe) B.V. at:
Beech Avenue 54-62 1119PW Schiphol-Rijk, the Netherlands.
