GARTNER PRIVACY POLICY

Effective Date: September 2020

Gartner and its affiliates are committed to protecting your information. Please read this Privacy Policy ("the Policy") carefully as it sets out important information relating to how we handle your personal information.

Gartner companies issuing the Policy

In this Policy, references to "we," "us," or "Gartner" are references to Gartner Inc. and all its group companies doing business under the Gartner name listed here. Certain Gartner products and/or services which may be linked through www.gartner.com or Gartner group companies with different business models have their own applicable privacy policies, and this Policy does not apply to them. Those companies include EvantaGartner Digital Performance BenchmarksGartner Consumer and Culture Insights, and the Gartner Digital Markets Companies of CapterraGetApp and Software Advice.     

Gartner and all its group companies will have access to information on individuals covered by this Policy. A list of our entities can be found here.

How to Contact Us

Questions, comments and requests regarding this Privacy Policy should be addressed to our Data Protection Office via email at privacy@gartner.com or regular mail at:

Global Data Protection Office
Legal Department
56 Top Gallant Road
Stamford, CT 09602
USA

Introduction

This Policy sets out how we collect and use personal information, and your choices and rights regarding our use of your personal information.

This Policy describes our practices when using your information when you: 

  1. express an interest in or have signed up for our conferences or products including newsletters, apps, extensions, webinars, and e-books, or activate your Gartner user account and/or license;
  2. attend a Gartner conference; or
  3. visit our websites (including our public and/or member-based websites) or social media sites.

This Policy also applies to information we collect from you via our survey or diagnostic tools as outlined in more detail below. You may be shown an additional confidentiality notice before participating in a survey or diagnostic. Please note that in cases where the terms of any such survey- or diagnostic-specific confidentiality notice conflict with any terms in this Policy, the terms of that notice will take precedence over the terms in this Policy. We will not use information we collect via our survey or diagnostic tools to contact you for marketing purposes.

If you participate in the Shared Services Leadership Council, please refer to the information in the section below for Shared Services-specific terms.

This Policy will apply whether you have provided the information directly to us or we have obtained it from a different source, such as a third party.    

1. INFORMATION THAT WE COLLECT ABOUT YOU

1.1 Data collection and use

Information we collect directly from you or from the following sources:

  • Third party referrals including from within the Gartner group;
  • Social media sites and other public internet sites, such as LinkedIn; and
  • Public resources such as telephone directories, newspapers, internet sites, commercially available marketing lists, registries or public records.

Categories of information we collect about you include:

  • Personal information such as name and title, contact details, and company name;
  • Communications with you;
  • Information you provide when posting content on social media sites.

We use this information for certain activities, including:

  • Facilitating the business through communication with corporate clients and other business contacts, for example, to communicate about vendor briefings or details of conferences or webinars;
  • For internal analysis and research to help us improve our services;
  • To send marketing to business contacts regarding our services and products which may be of interest and to promote our business and brand;
  • Administering our website, investigating any complaints and providing customer service;
  • Monitoring social media content to manage relations with our clients and promote our business and brand.    

We use this information because:

  • It is necessary to perform our obligations or exercise our contractual rights;
  • It is necessary to comply with applicable laws or regulations;
  • We have a legitimate business interest to:
    • Manage and promote our business and brand;
    • Provide and improve our services;
    • Operate our business; and
  • We have your consent (where required under applicable law) to use your information for marketing. Where we rely on your consent, you have the right to withdraw consent by contacting us

Information we collect when you attend one of our virtual or destination conferences:

Categories of information we collect about you include:

  • Information you provide during registration, such as name, business email address, profile photograph, job title, professional interests, requested accommodation, and payment card information;
  • Information you provide throughout the conference to receive additional Gartner research or materials (e.g. via badge scan or QR scan);
  • Geo-location information at a destination conference (if you attend a conference where we are using RFID-enabled badges and you do not request a non-RFID-enabled badge);
  • Information collected when we record one of our conferences.    

We use this information for certain activities, including:

  • Enabling you to attend our conferences;
  • Conducting our conferences;
  •  Sending Gartner research and material related to topics that may be of interest to you;
  • Analyzing attendee interests in and interactions with the conference, including through geo-location data for destination conferences, where applicable;
  • Marketing our conferences through the use of video;
  • Providing recordings of certain conference sessions to interested business contacts, attendees, and online through our website or Gartner social media sites.    

We use this information because:

  • It is necessary to perform our obligations or exercise our contractual rights;
  • It is necessary to comply with applicable laws or regulations;
  • We have a legitimate business interest to:
    • Manage and promote our business and brand;
    • Operate our conferences business;
    • Provide and improve our services;
    • Collect relevant information for hospitality and health and safety purposes.    

Information we collect from users of:

  • Our public and member-based websites;
  • Our apps and Gartner Everywhere browser extension; and
  • Gartner social media sites such as Facebook or Twitter.

Categories of information we collect about you include:

  • Information you provide when you enter information on our website, such as when you provide contact details, payment card information, answer online questionnaires, or feedback forms;
  • Information you provide when you subscribe to email newsletters such as name, email address, job title;
  • Information you provide when registering for an online or member account, including name, business or personal email address, job title, organization, organization’s physical address, direct telephone number, photograph, and biographical details;
  • Where you have an online or member account, log-in credentials and information about your use of and preferences for these services;
  • When you link your Gartner account with your LinkedIn profile, we collect information from your profile, including your profile photograph;
  • URLs of webpages visited when you use Gartner Everywhere. 

We use this information for certain activities, including:

  • Enabling you to access your Gartner accounts across devices;
  • Personalizing your experience of our website, extension and apps;
  • Administering our website, extension, and apps;
  • Enabling peer networking opportunities based on your background and experience;
  • Providing more customized client service;
  • Investigating complaints;
  • Monitoring social media content to manage relations with our clients and promote our business and brand.    

We use this information because:

  • It is necessary to perform our obligations or exercise our contractual rights;
  • It is necessary to comply with applicable laws or regulations;
  • We have a legitimate business interest to:
    • Promote our brand and business through our website and through social media tools;
    • Monitor, investigate and report any attempts to breach the security of our website;
    • Provide and improve our services including, but not limited to, the Gartner Everywhere extension and our apps;
    • Operate our business;
  • We have your consent (where required under applicable law) to use your information for marketing. Where we rely on your consent, you have the right to withdraw consent by contacting us.    

Information we collect about the use of our website and apps from users.

Categories of information we collect about you include:

  • Information captured in our web logs such as device information (e.g. device brand and model, screen dimensions), unique identification numbers (e.g. IP address and device ID), and browser information (e.g URL, browser type, pages visited, date/time of access), geo-location and other device-specific information, Internet connection information;
  • Advertising information (such as size/type of ad, ad impressions, location/format of ad, data about interactions with ad);
  • Behavioral information (such as information on the behavior or presumed interests of individuals which are linked to those individuals and may be used to create a user profile); and
  • Information captured by our cookies (see our Cookie Policy).

We use this information for certain activities, including:

  • Personalizing the experience of our website;
  • Administering our website;
  • Performing statistical and trend analysis to improve the user experience and performance of our website;
  • Providing better, more customized client service;
  • Investigating any complaints.    

We use this information because:

  • It is necessary to comply with applicable laws or regulations;
  • We have a legitimate business interest to:
    • Monitor, investigate and report any attempts to breach the security of our websites;
    • Improve the performance and user experience of our websites;
    • Customize the client experience.    

Information we collect from participants of a survey or diagnostic.

Categories of information we collect about you include:

  • Personal information such as name and title, contact details, and company name; and
  • Demographic information provided by your employer and
  • Responses to survey or diagnostic questions.

We use this information for certain activities, including:

  • Validating and analyzing survey and diagnostics;
  • Conducting general research, including creating or updating aggregate benchmark data sets and reports;
  • Providing our services; and
  • Developing new products and services.

We use this information because:

  • We have a legitimate business interest to:
    • Provide and update benchmark data and analysis; and
    • Validate and update our products and services.

1.2 Special categories of information

Certain types of personal information are more sensitive than others. This includes information about health, disability, race, ethnicity, criminal offences (or alleged offences), political opinions, biometric information or religion. It is voluntary for you to disclose this information, but where we collect and receive these types of information about you, we have identified the type of special information, how we will use it and why we will use it.

Information we collect when you attend one of our virtual or destination conferences

Categories of information we collect about you include:

  • Dietary requirements that may imply specific religious beliefs or medical conditions.
  • Any physical or mental disability or impairment you may disclose to us.

We use this information for certain activities, including:

  • Providing hospitality that is suitable for attendees of our conferences.

We use this information because:

  • You have consented by providing us with the information. Where we rely on your consent, you have the right to withdraw your consent by contacting us.

1.3 Further information

Where we collect and use information for our legitimate interests as mentioned above, a legitimate interest will only apply when we consider that your interests or rights requiring protection of your personal information do not override our legitimate interests. For more information regarding our legitimate interests as applied to your personal information, please contact us.

Our websites and online services are for individuals who are at least 18 years old. Our online services are not designed to be used by individuals under the age of 18.

In certain circumstances, if you do not provide personal information which is required (for example, in relation to activating your Gartner license), we will not be able to perform our contractual obligations or provide you with products and services. When this is the case, we will make it clear. 

Recorded Communications with Gartner

We may ask to record calls for training, quality and research purposes. All recordings will be treated as confidential. If you do not want us to record your call, you will be given a chance to opt out. If your call is already in progress, you may ask us to turn off the recording at the start of the call. 

Communication with Colleagues

You may use the send-to-colleague functionality on some of our sites or apps to send your colleagues information from Gartner or its subsidiaries. In order to fulfil this request, we will ask you for your and your colleagues' names and email addresses. We do not retain this data after the email is sent. Please be aware that your name and email address may be included in the communication sent to your colleague.

Payment Card Information

Where you choose to pay for any Gartner products or services using your payment card, we will collect your personal data connected to your payment card. We use this personal data in order to process your payment and to prevent fraudulent transactions. We do this on the basis of your consent to process this information.

My Favorites

The My Favorites feature of the member websites allows clients to save content available to the member’s Favorites list, add labels, tags, and notes to saved content, and share content and notes with and receive content and notes from other clients. We may review information about your use of My Favorites, including the content you save, folders you create, any tags, labels, or notes you add to your saved content or folders you have created, and any content that you share, and use such information to recommend content, tools, or other Gartner services we think may be of interest to you. Information about your use of My Favorites will only be accessible to Gartner and will not be visible to or otherwise shared with other Gartner clients unless you choose to share it.

Restricted Areas

If you access the Restricted Areas of any of our sites (via browser or a Gartner app), we may collect information about your access to and use of research materials, decision-support tools, and other online and offline resources we offer.

General Benchmarking and Research Purposes

Gartner and its affiliates may use information disclosed through surveys or diagnostics or otherwise provided to or generated by Gartner or its Affiliates (collectively “Research Data”) for validation, research and benchmarking purposes and product development. Unless otherwise specified prior to collection, Research Data will be disclosed in the aggregate and presented in anonymous form and will not include (directly or by inference) any information identifying participating organizations or any identifiable individual as the source of such data. Access to Research Data will be restricted to those individuals who need such access to deliver Gartner products and/or services.

2. WHEN WE DISCLOSE YOUR PERSONAL INFORMATION

We may disclose your personal information to third parties as follows:

  • To Gartner group companies in order to process the data for the above mentioned purposes;
  • When we have your consent to do so, e.g., when you have provided your details to a conference exhibitor via badge scan or attended a virtual sponsored session;
  • To third parties who work on our behalf to service or maintain business contact databases and other IT systems, e.g., suppliers of the IT systems which we use to process personal information, or who provide other technical services, such as printing;
  • To third parties providing services to us or on our behalf who have a need to access your information, e.g., our professional advisors (e.g. auditors and lawyers) or venues for our conferences;
  • To comply with applicable laws, protect rights, safety and property, and respond to lawful requests from public authorities (e.g., disclosing data in appropriate situations for national security or law enforcement purposes);
  • Subject to applicable law, in the event that Gartner is merged, sold, or in the event of a transfer of some or all of our assets (including in bankruptcy), or in the event of another corporate change, in connection with such a transaction, or for pre-transaction review in relation to such transactions.

Your personal information may be shared if we anonymize and/or aggregate it, as in these circumstances the information will cease to be personal information.

Utilization Information

We may share information with our organizational clients about how their employees use the sites and the resources available to them through the sites (e.g., how employees used certain features of the sites, utilization trends, which features were most popular with the client’s employees).

3. DATA SUBJECT RIGHTS

In certain circumstances, you have certain rights regarding your personal information. A summary of each right and how you can exercise it is set out below. To exercise any of these rights, please contact us. Such requests should include information to allow us to verify your identity(e.g., your name, address, email address or other information reasonably required). If you are a California resident, please refer to Section 11 below for more detailed information on your rights under California law. 

Where we receive your request to exercise one of these rights, we will respond without undue delay and within the time required by applicable law. This may be extended in certain circumstances, e.g., where requests are complex or numerous.

We will provide the information free of charge, except where requests are manifestly unfounded or excessive, e.g. because of their repetitive character. In these circumstances we may charge a reasonable fee or may refuse to act on the request. We will advise you of any fees prior to proceeding with a request. We may ask for additional information to verify your identity before carrying out a request.

Right

How you can exercise the right

Right to access and/or correct your personal information

You have the right to access personal information we hold about you and to be provided with a copy of the information (in most circumstances). You also have the right to correct any information we may hold about you that is inaccurate.

Right to restrict use of your personal information

You have the right to ask us to restrict processing of your personal information where one of the following applies:

  • The processing is unlawful but you want us to restrict use of the data instead of deleting it;
  • Where you contest the accuracy of your personal information, the restriction will apply until we have verified the accuracy or corrected your personal information;
  • We no longer require the personal information for the purposes of processing, but are required to keep it in connection with a legal claim;
  • You have exercised your right to object to the processing. The restriction will apply until we have taken steps to verify whether we have compelling legitimate grounds to continue processing. 

Right to request deletion of your personal information

You have the right to ask us to delete your personal information in certain circumstances. If you want to opt-out from receiving marketing communications, the best way to do so is to allow us to retain your information with a “do not contact” tag so we know not to contact you in the future. 

There are also certain exceptions where we may refuse a request for erasure, for example, where the personal information is required to comply with a legal obligation or for the establishment, exercise or defense of legal claims.

Right to object to processing of your personal information

You may object to our use of your personal information for marketing purposes.

You may also object to processing of your personal information in cases where we have used legitimate interests as the basis for processing. In such cases, we will stop processing your personal information until we verify that we have compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms in asking us to stop processing the data, or in limited cases where we need to continue processing the data for the establishment, exercise, or defense of legal claims.

Right to data portability 

In most cases, you have the right to receive all personal information you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another data controller, where technically feasible.

Right to lodge a complaint with a supervisory authority

If you object to our processing of your personal information, you have the right to complain to the data protection authority (“DPA”) in the country where you reside, where you work, or where the alleged infringement of data protection laws has taken place.

We agree that any disputes regarding our privacy policies and related actions regarding personal information from data subjects in the EU can be heard by a DPA and we will be subject to the determination of those bodies. Please contact us to be directed to the relevant DPA.

4. INTERNATIONAL TRANSFERS

Gartner is a global company and we may transfer personal information to other Gartner group companies or suppliers outside your country. Gartner will take reasonable steps to ensure that personal information is protected and any such transfers comply with applicable law.

Gartner may transfer and maintain the personal information of individuals covered by this Policy on servers or databases outside the European Economic Area (“EEA”). Some of these countries may not have the equivalent level of protection under their data protection laws as in the EEA.

The countries to which we transfer data outside of the EEA may include any of the countries in which Gartner does business. A list of Gartner office locations can be found here.

All Gartner entities have signed an Intragroup Agreement containing the European Union (“EU”) Commission Approved Standard Contractual Clauses for the transfer of data outside the European Economic Area. All Gartner entities have the same technical, physical, and administrative security controls and are required to comply with our data protection policies and procedures, applicable laws, and the terms of our client and member contracts governing the collection and use of information.

5. RETENTION PERIODS

We will retain your personal information for as long as required to perform the purposes for which the data was collected, depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations require us to retain it.  

In general terms, this will mean that your personal information will be kept for the duration of our relationship with you and:

  • the period required by tax and company laws and regulations; and
  • as long as it is necessary for you to be able to bring a claim against us and for us to be able to defend ourselves against any legal claims. This will generally be the length of the relationship plus the length of any applicable statutory limitation period under local laws. 

6. CHOICES ABOUT YOUR INFORMATION

We believe it is important to give you choices about the use of your information. We will use your information as described in this Policy (or any other conference- or service-specific Privacy Policy). If we want to use your information for a purpose not described in this Policy, we will first get your consent to do so.

Marketing Communications

We will respect your wishes not to receive marketing communications. You can change your marketing preferences by contacting us at the address here. If you gave us your email address to receive marketing communications, you can opt out at any time by using the unsubscribe links or instructions included at the bottom of our emails. Please note that we will continue to send you service-related communications regardless of any opt-out request. We will not sell or share your information or information with third parties (other than our subsidiaries or affiliates) for their own promotional or marketing purposes unless you give us consent to do so and where permitted by applicable law.

Gartner Everywhere

Gartner Everywhere is an extension for Google Chrome that allows clients to customize their Gartner experience by providing them with Gartner research applicable to the websites they are browsing in real-time via an easy to access pop-up in their browser. You can easily disable the extension and its collection of URLs by doing the following:

  1. Click the extension Gartner Everywhere button on the top of the browser window.
  2. Click the green toggle button to switch off.
  3. Select the duration that you would like to switch off the extension for.
  4. The extension will be automatically activated after the selected time period.

Conferences

When you attend one of our conferences, you may be issued a conference badge with an RFID chip, which has a unique identifier that can be scanned from various distances. We may use the RFID information to administer and improve the conference experience and solicit feedback and/or interest in Gartner products and services. We will not sell or share RFID information with third parties (other than our subsidiaries and affiliates) for their own marketing and promotional purposes.  You may request a non-RFID enabled badge by asking conferences staff at the registration desk.

We allow Exhibitors to scan attendee badges at our conferences. If you choose to allow an Exhibitor to scan your badge at the Exhibitor’s booth or when entering an Exhibitor session or function, you are giving us your consent to provide your contact details to that Exhibitor. Our Exhibitors’ use of any information you choose to share with them in this way is governed by each Exhibitor’s Privacy Policy. Badge scanning is optional and you may refuse to have your badge scanned by the Exhibitor.

7. SECURITY

We have implemented administrative, technical, and physical security measures to help prevent unauthorized access. Despite these measures, no data transmission over the Internet can be entirely secure, and we cannot guarantee or warrant the security of any information you transmit via our websites or apps. Please note that you are responsible for maintaining the security of your credentials used to access any Gartner service or account, and you must report suspected unauthorized activity to us.

We make reasonable efforts to restrict access to information to only those employees, contractors, and agents who need such access in order to operate, develop, improve, or deliver our programs, products, and services.

8. COOKIES AND SIMILAR TECHNOLOGIES

A cookie is a small text file which includes a unique identifier that is sent by a web server to the browser on your computer, mobile phone or any other internet enabled device when you visit an on-line site. Cookies and similar technologies are widely used to make websites work efficiently and to collect information about your online preferences.  For simplicity, we refer to all these technologies as "cookies".

Some of our website pages may contain electronic images known as web beacons (also known as clear gifs, tags or pixels) that allow us to count users who have visited our pages. Web beacons collect only limited information, e.g. a cookie number, time and date of a page view, and a description of the page on which the web beacon resides. We may also carry web beacons placed by third party advertisers. These beacons do not carry any information that could directly identify you.

We also include web beacons in e-mail messages or newsletters to track whether you open the messages. We use this information to customize our services and measure the overall effectiveness of our online content, advertising campaigns, and products and services we offer through the Site. Flash cookies operate differently than browser cookies, and cookie management tools available in a web browser will not remove flash cookies. To learn more about how to manage flash cookies, you can visit the Adobe website and make changes at the Global Privacy Settings Panel.

More detailed information on how we use cookies and other web technologies can be found here.

9. SHARED SERVICES

The Shared Services Leadership Council (“Shared Services”) prides itself in facilitating clients’ connections with one another. If you use the Shared Services site, you agree to provide and share with other Shared Services users certain pieces of contact information which may include your name, job title, organization's name, business email address, phone number, and your business address.

Shared Services encourages clients to participate in surveys, including Process Surveys and ASK Questions. If you participate in a Process Survey, your company name will be attributed to the quartile in which your response to the question falls and/or your response to the question. If you use the ASK question feature, your company name and individual name will attributed to that question. If you respond to an ASK Question, your company name and individual name will appear next to your response, and/or to any comments that are added to an ASK question. 

10. MISCELLANEOUS

10.1 Links

We provide links to other websites or resources that are not part of the products, programs, or services run by Gartner. We do not control these websites or their privacy practices, and any information you provide to these sites is subject to the Privacy Policies of those sites and not this Policy.

10.2 Changes to this Policy

From time to time, we may change and/or update this Policy. If this Policy changes in any way, we will post an updated version on this website. We recommend you regularly review this website to ensure that you are always aware of our information practices and any changes to such. Any changes to this Policy will go into effect on posting to this page.

11. California Privacy Rights & Notice of Collection

California law requires us to provide California residents with additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).

Categories of personal information we collect. In Section 1 above, and otherwise throughout this Policy, we discuss in detail the specific pieces of information we collect from and about users.  Below are the categories of personal information we collect: 

  • Identifiers (such as name and title, contact details, and company name);
  • Internet or other network or device activity (such as browsing history or app usage); 
  • Inference data about you; and
  • Other information that identifies or can be reasonably associated with you.

Use of categories of personal information. We may disclose the categories of personal information identified above for our operational purposes where the use is reasonably necessary and proportionate to achieve the operational purpose for which it was collected or processed, or for another compatible operational purpose.

Sale of Personal Information. The CCPA sets forth certain obligations for businesses that “sell” personal information.  Based on the definition of “sell” under the CCPA and under current regulatory guidance, we do not believe we engage in such activity and have not engaged in such activity in the past twelve months (including that we do not “sell” the personal information of minors under 16 years of age).  We do share certain information as set forth in Sections 1 and 2 of this Policy, and allow third parties to collect certain information about your activity, for example through cookies, as explained in our Cookie Policy.  

Individual Rights. California law may provide you with certain rights and permit you to request the following:

  • Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
  • Provide access to and/or a copy of certain information we hold about you.
  • Delete certain information we have about you.

You may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you and for compliance with applicable law. If you ask us to delete certain information, you may no longer be able to access or use the Services.

If would like to exercise any of these rights, please email us at privacy@gartner.com or send your written request to Data Protection Counsel, Americas, Gartner, 1201 Wilson Blvd., Arlington, VA. You will be required to verify your identify before we fulfill your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

Subject to certain limits under California Civil Code § 1798.83, California residents may request certain information regarding our disclosure of information to third parties for their direct marketing purposes. To make such a request, please contact us as specified at the beginning of this Privacy Policy.

California Online Privacy Protection Act Notice Concerning Do Not Track Signals

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We do not recognize or respond to browser-related DNT signals, as the industry is currently working toward a common approach to responding to DNT. To learn more about Do Not Track, please click here.

12. NEVADA PRIVACY RIGHTS

Nevada law requires us to provide certain Nevada consumers the ability to opt out of the “sale” of “personally identifiable information” as such terms are defined under Nevada law.  We do not engage in such activity; however, if you are a Nevada resident who has purchased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by emailing privacy@gartner.com. Once verified, we will maintain your request in the event our practices change.  

How to Contact Us

Questions, comments and requests regarding this Privacy Policy should be addressed to our Data Protection Office through the following means:

Global Data Protection Office
Legal Department
56 Top Gallant Road
Stamford, CT 06902
USA
Email Address: privacy@gartner.com