PRIVACY POLICY

This Privacy Policy describes the ways in which Pegasystems Inc. and Pegasystems Limited (“Pegasystems,” “Pega,” “we,” “our,” or “us”) may collect, process, use, and disclose information about you through the websites, social media properties, applications, and other online services operated by us (collectively, the “Online Services”), and the choices you can make about the way your information is collected and processed through the Online Services. By using any Online Service, you consent to the processing of your information as set forth in this Privacy Policy, now and as may be amended by us from time to time.

This Privacy Policy does not apply to any third party applications or software that integrates with the Online Services, or any third party products or services. We enter into contracts with our customers (“Customers”) for Pega products and services. The processing of personal information in the context of Customer applications (“Customer Application”) that are built on or incorporate Pega software or cloud services is controlled by the Customer and is subject to the Customer’s privacy policy and practices, which may differ from this policy.

What information do we collect and receive?

We and our service providers may collect and receive both personal information and other information from a variety of sources that generally fall into three categories:

1. Direct Interactions: Data from your use of, and interaction with us through, any Online Service, social media channel and/or other activity such as account creation, Customer support requests, submissions of registrations and posting to forums, or sales inquiries and transactions.
2. Automated Interactions: Data from the use of technologies such as electronic communication protocols, cookies, embedded URLs or pixels, or widgets, buttons and tools.
3. Publicly Available Data / Data from Third Parties: Data from automated interactions on non-Pega websites, or other data you may have made publicly available, such as social media posts, or data provided by third party sources, such as marketing lists, partner referrals, or data aggregators.

1. Direct Interactions

You, or the organization you work for, may submit data that includes your name, contact information such as a physical address, email address, phone number, username, password, employer and job title, activity logs, and registration information to us when using the Online Services. We also collect and receive information when you:

• create a Pega account;
• participate in our message boards and discussion forums;
• interact with us on social media or the Online Services;
• apply for a job (our GDPR Candidate Privacy Notice can be found here;
• make a purchase (e.g., purchase credits for use at Pega Academy);
• participate in polls and surveys; register for events and self-study courses;
• sign up to receive electronic newsletters and other materials;
• download or request software, product upgrades, reports, and other information;
• submit a partner or reseller diligence questionnaire;
• submit an application for Pega Ventures; or
• contact us with a question, comment, or request, including requests for technical support.

The information that you provide us may include one or more of the following:

• your name, your photograph, your title, your company, and contact information such as your physical address, email address and phone number;
• username, password, and other registration information;
• transaction-related information;
• information you provide when submitting a support request;
• information you provide when submitting an employment application;
• information you provide when you make a request or otherwise contact us;
• information about your business, business plans and other items or materials contained in your application for Pega Ventures and other partner programs; and
• any other information you choose to make public on the Online Services (e.g., information shared with other users on Pega Community, Pega Mesh, the Pega Discovery Network, www.pega.com, and other online communities (collectively, “Online Communities”).

When you use an Online Service, such as for training courses on Pega Academy, we will collect and store information about your use of these services, including courses you have registered for, courses you have completed, and certifications that you have received.

2. Automated Interactions

We and our service providers may automatically collect certain technical information from your computer or mobile device over time and across different websites when you use an Online Service, such as your Internet Protocol address, your browser type, your operating system, the pages you view on the Online Service, the pages you view immediately before and after you access the Online Service, and the search terms you enter on the Online Service. This information allows us to recognize you and personalize your experience if you return to an Online Service, to improve the Online Services and the products and services we provide, and to provide you with advertisements targeted to your interests (commonly referred to as “Targeted Advertisements”). We and our service providers may collect and store this information using “cookies,” which are small text files that many websites save on your computer when you visit and access when you return, or similar technologies. For more information about the use of cookies on the Online Services, please review your Cookie Preferences, available by clicking on the Cookie Preferences link on www.pega.com.

We and our service providers also use Google Analytics, which collects and processes certain technical information from your computer or mobile device such as the web address of the page that you are visiting and your Internet Protocol address. More information can be found at “How Google uses data when you use our partners’ sites or apps,” located at https://www.google.com/policies/privacy/partners. To opt out from collection of your information via Google Analytics, please visit https://tools.google.com/dlpage/gaoptout.

To customize your experience, our mobile applications may collect precise information about the location of your mobile device, but only with your express consent. Once you have consented to the collection of the precise location of your mobile device, you may adjust this consent by managing your location services preferences through the settings of your mobile device.

3. Publicly Available Data / Data from Third Parties

We may collect or receive information about you from public sources and various third parties. Information from public sources may include identity and contact data obtained from search information providers such as Google or social media such as LinkedIn. On occasion, we may purchase third-party lists to send direct marketing communications.

How do we use this information?

Personal data transferred to us by a Customer (“Customer Data”) will be processed in accordance with the Customer’s instructions as set forth in our contract with that Customer (“Customer Agreement”), and as required by applicable law. Customer may use our cloud service to: grant and remove access to a Customer Application; assign roles and configure settings, access, modify, export, share and remove Customer Data; and otherwise apply its policies to the Customer Application. If your personal information is being processed as Customer Data and you wish to exercise any rights you may have to access, correct, update, port or delete such personal information, please inquire directly with the Customer.

We may process and use your personal data and other information that we collect or receive for a number of purposes as necessary to fulfill contractual obligations and other lawful bases, such as our legitimate interest in engaging in commerce, offering products and services, performing due diligence on customers, prospects and business partners, preventing fraud, ensuring information and network security, conducting direct marketing and complying with industry practices, including:

• delivering and performing an Online Service;
• providing you with the products, services, or information you request;
• supporting your Customer or partner relationship with us (e.g., notifying you of a product update or for billing, account management and other administrative matters);
• processing any transactions you have authorized;
• processing an employment application;
• verifying your identity;
• evaluating your application for Pega Ventures and other partner programs;
• providing you with information about an Online Service or required notices;
• delivering Targeted Advertisements and other marketing communications, promotional materials, or advertisements that may be of interest to you (e.g., if you view a webpage about a particular product or service, we or a service provider of ours may later display an advertisement for a related product or service on a different webpage that you visit through an Online Service or on another website that has a relationship with the service provider);
• allowing us to improve an Online Service and the products and services we provide, such as by better tailoring our content to users’ needs and interests;
• developing new products, facilitating product, software and applications development and conducting research, analysis, studies or surveys and identifying usage trends;
• generating and analyzing statistics about your use of an Online Service; and
• detecting, preventing, and responding to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of an Online Service.

We may use your personal information to interact with you on third party social networks. Our interactions with you on a third party social network is subject to that network’s privacy policies and terms of use.

We provide social computing tools on some of our websites to enable online sharing and collaboration among members who have registered to use them. These include forums, wikis, blogs and other social media platforms. Information will be subject to and protected in accordance with this Privacy Policy, except for the information that is automatically made available to other participants as part of your profile or information you post on blogs and forums.

We may combine or aggregate any of the information we collect or receive through the Online Services or elsewhere (e.g., through telephone, email, interactions on social media, or personal contact with us or our employees, product registration, call centers, or public events such as trade shows or seminars) for the purposes listed above.

When you make a purchase using a credit card on the Online Services, your credit card information is transmitted directly to our third-party payment processor. We do not store your credit card information and the third-party payment processor does not share your credit card information with us.

If you submit an application for Pega Ventures or other partner programs, we may use your application and all information and materials included in your application for conducting due diligence, evaluating potential business transactions and tracking applicants, founders, investors and companies.

To the extent that our processing of your personal data is subject to the General Data Protection Regulation, we may rely on the legal bases described above to process your personal data. We may also process your personal data for direct marketing purposes and you have a right to object to our use of your personal data for this purpose at any time.

If you believe our processing of your personal data is inconsistent with applicable data protection laws, you may lodge a complaint with your local supervisory data protection authority.

Under what circumstances do we disclose this information?

We may disclose the information we collect and receive about you to:

• our affiliates and subsidiaries for business purposes, including customer support, marketing, technical operations and account management purposes;
• service providers and suppliers who work on our behalf and who have agreed to keep the information confidential and use the information solely to carry out the services that they are performing for us, including hosting, storage, data analysis, implementation, and assisting us with reviewing your application for Pega Ventures and other partner programs;
• third parties for marketing, advertising, events, promotions or other similar purposes;
• your employer if it is our Customer or partner;
• other users of our Online Services, consistent with your privacy settings;
• as required by law, such as to comply with a subpoena or other legal process, a court order, or government reporting obligations;
• other third parties with your consent;
• when we believe in good faith that disclosure is necessary (a) to protect our rights, the integrity of any Online Service, or your safety or the safety of others, or (b) to detect, prevent, or respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of any Online Service; and
• service providers, advisors, and other third parties to the extent reasonably necessary to proceed with the negotiation or completion of a merger, acquisition, financing, public offering of securities, reorganization, or sale of all or a portion of our assets.

In addition, we may share de-identified information, such as reports on user demographics and traffic patterns, with third parties. We will not sell, rent, or lease information that can personally identify you to others except as described in this Privacy Policy.

We may enable you to post information to certain parts of the Online Services, such as the Online Communities. Information you disclose through any Online Communities may be publicly available. We urge you to exercise discretion and caution when deciding to disclose personal information, or any other information, through any Online Community. By using any Online Service you agree to adhere to all applicable copyright laws.

An Online Service also may contain links to third-party websites and applications for your convenience and information. We do not control those third-party websites and applications or their privacy practices, which may differ from our own. You acknowledge and agree that we are not responsible for the collection and use of your information by third-party websites and applications that are not under our control, and such information is not governed by this Privacy Policy.

How is your information secured?

We strive to maintain reasonable and appropriate administrative, technical, and physical safeguards designed to safeguard the information collected by the Online Services from loss, misuse, and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the information. However, no information system can be 100% secure, so we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to the Online Services over networks that we do not control, including the Internet and wireless networks.

Controller of Data

Data protection laws in certain jurisdictions differentiate between the “controller” and “processor” of personal data. In general, our Customers are the controller of Customer Data and we are the processor of Customer Data. For other personal data, we may be the controller of such personal data. Different Pegasystems entities provide the Online Services in different parts of the world. For Customer Data, the processor is the entity with which the Customer has contracted to provide the Customer Application. Our contact information for Customers is contained in the relevant Customer Agreement. For other personal data, Pegasystems Inc. is the controller, if applicable, and you may contact us at privacy@pega.com.

Data Retention

We will retain Customer Data in accordance with the applicable terms in the Customer Agreement, and as required by applicable law. The Customer may be able to customize its retention settings and apply those customized settings depending on the Pega product.

We may retain other information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your personal data after you have deactivated your Pega account for the period of time needed for us to pursue legitimate business, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

Where is this information processed?

Information collected through the Online Services will be processed using resources and servers located in various countries around the world, including Australia, Brazil, Canada, United Kingdom, Germany, Ireland, Japan, Singapore and the United States. Therefore, your personal information may be transferred, processed and stored outside the country where the Online Services are accessed or performed. By using an Online Service, you consent to such transfer to, and processing and storage in, the United States and these other countries.

International Transfers from the European Union

In addition to the Standard Contractual Clauses in place between us and our affiliates within and outside the EU, we comply with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. We have certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Upon request, we will make a copy of its Standard Contractual Clauses available for inspection.

In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. Individuals in the European Union and Switzerland with inquiries or complaints regarding our Privacy Shield policy should first contact privacy@pega.com. We will respond to your inquiry promptly. We have further committed to cooperate with EU and Swiss data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the European Union and Switzerland. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU and Swiss DPAs for more information or to file a complaint. The services of EU and Swiss DPAs are provided at no cost to you.

If we transfer personal information received under the Privacy Shield to a third party, the third party’s access, use, and disclosure of the personal data must also be in compliance with our Privacy Shield obligations, and we will remain liable under the Privacy Shield for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.

Our organization is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under certain conditions, an individual can invoke binding arbitration. We will disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Your choices

You have the ability to access your Pega account and modify your Pega account information online by visiting https://accounts.pega.com/user/login. By going to our Preference Center you may also (i) manage what types of email you receive from us, (ii) update your contact information, and (iii) change how we process your information.

You may set your cookie preferences by clicking on the Cookie Preferences link on www.pega.com. If you do not want the Online Services to collect information through the use of cookies, you can set your web browser to reject cookies from the Online Services. Each browser is different, so you should check your browser’s “Help” menu to learn how to change your cookie preferences. Blocking or rejecting cookies from the Online Services will impact your ability to use features and functionality of, and may prevent access to, the Online Services.

Your rights

If you reside in certain countries, including within the European Union, you may have one or more of the following rights available to you under data protection laws in relation to your personal data: the right to access, update, correct, receive, port, object, delete or restrict processing of your personal data.

• Access – To request access your personal data that we have collected, please contact privacy@pega.com.
• Update or Correct – To update or correct your personal data, you can usually do this by updating your Pega account. If you already have a Pega account go to https://accounts.pega.com/user/login. If you want to create a Pega account, go to https://accounts.pega.com/register. Otherwise, please contact privacy@pega.com.
• Port– To request a copy of your personal data that we have collected about you in a commonly used and machine-readable format, please contact privacy@pega.com.
• Object– To object to processing of your personal data please contact privacy@pega.com.
• Delete or Restrict Processing – To delete or change how we process your personal data for marketing purposes, please go to our Preference Center and follow the instructions. To request deletion of all your personal data from our databases please email privacy@pega.com.

If your personal data is processed based on your consent, you may withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn.

To exercise any of the above-listed rights (with the exception of the right to lodge a complaint with a DPA, which you may do directly to a DPA), please follow the instructions above or contact us at privacy@pega.com. We will process any requests in accordance with applicable laws and within a reasonable period of time (e.g., 30 days for certain requests under the General Data Protection Regulation). We may need to verify your identity before processing your request.

Children's information

The Online Services are not directed to, nor do we knowingly collect information from, children under the age of 16. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us at the contact information listed below.

Changes to this Privacy Policy

If we update this Privacy Policy, we will notify you by posting a new Privacy Policy on this page and updating the revision date below. If we make any revisions that materially change the ways in which we use or disclose the information previously collected from you through an Online Service, we will give you the opportunity to consent to such changes before applying them to that previously collected information.

Contact us

If you have any questions about this Privacy Policy or our use of your information collected through the Online Services, please contact privacy@pega.com. Our address is Pegasystems Inc., One Rogers Street, Cambridge, MA 02142 Attn: Chief Compliance Officer.

Revision date: September 26, 2018