QUALTRICS PRIVACY POLICY
Qualtrics, the world’s No. 1 Experience Management (XM®) provider and creator of the XM category, is changing the way organizations manage and improve the four core experiences of business—customer, employee, product, and brand. Over 17,500 organizations around the world are using Qualtrics to listen, understand, and take action on experience data (X-data)—the beliefs, emotions, and intentions that tell you why things are happening, and what to do about it. The Qualtrics XM Platform® is a system of action that helps businesses attract customers who stay longer and buy more, engage employees who build a positive culture, develop breakthrough products people love, and build a brand people are passionate about. To learn more, please visit qualtrics.com.
Qualtrics’ data protection officer can be reached at [email protected].
This Privacy Policy explains how we handle the personal information of business customer representatives, website visitors, and other users in connection with our websites and services.
This Privacy Policy does not apply to personal information that we process on behalf of our customers, such as information collected using the Qualtrics XM Platform®. We process that information as instructed by our customers, in our capacity as a service provider/data processor, in accordance with the terms of our customer agreements. Last Updated: 17 April, 2024.
Personal Information We Collect
Personal information you provide:
- Contact details and account information, such as your first and last name, organization name, mailing address, email address and phone number.
- Financial and payment information, such as your costs, sales, and royalty earnings, as well as your bank account, billing or other financial information, and transaction history, in order to facilitate payments to or by you.
- Communications that we exchange with you, such as when you contact us with questions, feedback or otherwise.
- Marketing data such as your preferences for receiving our marketing communications and details about your engagement with them.
Automatic data collection. We, our service providers and our business partners may automatically log and combine information about you, your computer or mobile device, and your interaction over time with the services, online resources and our communications, including:
- Device data such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings and general location information such as city, state or geographic area.
- Online activity data such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the services, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access and whether you have opened or otherwise engaged with our communications, such as our marketing emails or clicked links or files within them.
IP Address Collection. When a Qualtrics’ customer sends a survey to an individual, Qualtrics may collect IP addresses from survey respondents. The purpose of collecting this information is to prevent and protect against fraud and malicious activity, and to ensure the security of the website, app or cloud service of Qualtrics.
Session Replay. Qualtrics may capture data to create a replay of your sessions when you use the Qualtrics website. This technology will record how you interact with and use the Qualtrics website to help us understand how individuals use our website, to improve user experience, and improve our products and services. We will not capture IP addresses, and we mask your text input. No third parties are used in connection with session replay.
We collect this information using cookies and other similar technologies. For more information, please visit our Cookie Statement.
Information we obtain from other sources:
- Social media information. We may maintain pages on social media platforms, such as Facebook, Twitter, and Instagram. When you visit or interact with our pages on those platforms, you or the platforms may provide us with information through the platform.
- Other sources. We may obtain personal information from other third parties, such as marketing partners, publicly available sources and data providers.
Information we obtain from call recordings:
We may record and store certain telephone conversations as part of our operations and to ensure the quality of our services. These call recordings enable us to review and evaluate customer interactions, enhance customer support, and train our employees to provide better assistance. We may record the call, use technologies to create call scripts and analyze the call to create follow-up actions and/or gauge customer satisfaction and sentiment. These call recordings are primarily used for the following purposes:
- Monitoring and improving the quality of our services
- Resolving any disputes or inquiries
- Training our employees to enhance customer support
- Maintaining accurate and comprehensive records of your interactions with us
How We Use Personal Information
We use personal information for the following purposes or as otherwise described at the time of collection:
To provide our services. We use personal information to operate, maintain, and provide you with our services, including to facilitate payments. In particular, we use personal information to perform our contractual obligations under our Terms of Service or other valid agreement between Qualtrics and your company.
To communicate with you about our services. It is in our legitimate business interests to use personal information to respond to your requests, provide customer support, and communicate with you about our services, including by sending announcements, updates, security alerts and support and administrative messages.
To improve, monitor, personalize, and protect our services. It is in our legitimate business interests to improve and keep our services safe for our users, which includes:
- understanding your needs and interests, and personalizing your experience with the services and our communications, including:
- troubleshooting, testing and researching and keeping the services secure; and
- investigating and protecting against fraudulent, harmful, unauthorized or illegal activity.
For research and development. We may use personal information for research and development purposes in our legitimate business interests, including to analyze and improve the services and our business. As part of these activities, we may create or use aggregated, de-identified or other anonymized data from personal information we collect. We make personal information into anonymized data by removing information that makes the data personally identifiable to you. We may use this anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the services and promote our business. We do not attempt to reidentify anonymized data.
For marketing and advertising. We, our service providers, and our third-party advertising partners may collect and use personal information for the following marketing and advertising purposes:
- Direct marketing. We may send you direct marketing communications as permitted by law, including by email. You may opt out of our marketing communications as described in the Opt-out of marketing communications section below.
- Interest-based advertising. We may engage third-party advertising companies, such as Google, to display our ads on their online services. We may also share information about our users with these companies to facilitate advertising for our services to them or similar users on other online platforms. For more information, or to understand your choices, please visit our Cookie Statement.
Except where consent is required, we undertake such marketing and advertising on the basis of our legitimate business interests. Where we seek your consent, you may withdraw your consent at any time.
For compliance and protection. We may use personal information to comply with legal obligations and to defend ourselves against legal claims or disputes, including to:
- protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements and internal policies;
- enforce the terms and conditions that govern the services;
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; and
- comply with applicable laws, lawful requests and legal processes, such as to respond to subpoenas or requests from government authorities.
To train our artificial intelligence tools. We may process personal information using artificial intelligence (AI) technologies including generative AI, and we use this information for training machine learning models, natural language processing, large-language models and other relevant AI use-cases.
How We Disclose Personal Information
We may disclose personal information to the following entities:
- At your direction. We may disclose personal information to third parties as directed by you.
- Service providers. Companies and individuals that provide services on our behalf or help us operate the services or our business (such as hosting, information technology, customer support, email delivery and website analytics services).
- Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
- Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Qualtrics (including, in connection with a bankruptcy or similar proceedings).
- Advertising partners. Third-party advertising companies, including for the interest-based advertising purposes described above, may collect information on the website through cookies and other automated technologies.
- Authorities and others. Law enforcement, government authorities and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
We do not sell personal information, nor have we done so in the preceding 12 months. However, we do, and have in the past 12 months, shared certain personal information with advertising partners that display targeted advertisements to users around the web (as indicated in the Privacy Snapshot linked above). We do not have actual knowledge that we sell or share personal information of individuals under 16 years of age.
Privacy Rights and Choices
Opt-out of marketing communications. You may opt out of marketing-related emails and other communications by using the unsubscribe link found at the bottom of any marketing emails you have received. If you’re still having trouble accessing the subscription center, contact [email protected]. Please note, you may continue to receive services-related and other non-marketing operational emails.
Online tracking opt-out. You can opt out of certain first and third-party cookies as described in our Cookie Statement.
Personal information requests. We also offer you choices that affect how we handle the personal information that we control. Depending on your location and the nature of your interactions with our services, you may be entitled to request the following in relation to personal information:
- Information about how we have collected, used and disclosed personal information. We have made this information available to you without having to request it by including it in this Privacy Policy.
- Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
- Correction of personal information that is inaccurate or out of date.
- Deletion of personal information that we no longer need to provide the services or for other lawful purposes.
- Opt out of sharing of your personal information with advertising partners that display targeted advertisements, as described in our Cookie Statement or by clicking Your Privacy Choices on the footer of our website.
- Additional rights, such as to object to and request that we restrict our use of personal information.
To exercise your data protection rights, other than to opt out of sharing with advertising partners, please complete this Privacy Request Form and fill out the relevant details to start the identity verification process. Alternatively, you can direct your request to [email protected]. To exercise your right to opt out of the sharing of your personal information with advertising partners, please click on Your Privacy Choices in the footer of our website.
When contacting us via the Privacy Request Form or email, please indicate the following details: your full name, your country and state of residence and the right(s) you wish to exercise. If you are located in the State of California, you can also call toll-free using the numbers provided here. Depending on where you reside, you may be entitled to empower an “authorized agent” to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.
Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us at [email protected]. Depending on where you reside, such as if you reside in the European Economic Area or United Kingdom, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred.
In addition, you may have the right to appeal our decision regarding a request related to these rights by contacting us at [email protected]. When you launch an appeal, we will need to collect information necessary to securely process your appeal.
Other Sites and Services
Our services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions. This Privacy Policy does not apply to such third-party sites or services.
Security
We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information.
Children’s Privacy
Our services are not intended for use by children under 16 years of age or the equivalent minimum age in the relevant jurisdiction. If we learn that we have collected personal information through the services from a child under 16 without the consent of the child’s parent or guardian as required by law, we will take commercially reasonable steps to delete it.
International Data Transfers
We may transfer personal information to our affiliates and third parties, including service providers, in jurisdictions other than the jurisdiction you are located in. Please note that such jurisdictions may not provide the same protections as the data protection laws in the country where you reside.
When we engage in cross-border data transfers, we will ensure that relevant safeguards are in place to afford adequate protection for personal information and we will comply with applicable data protection laws, in particular by relying on an EU Commission or UK government adequacy decision or on contractual protections for the transfer of personal information, including the EU Standard Contractual Clauses.
Retention of Personal Information
Where required under applicable laws, we retain personal information only for as long as is necessary to fulfill the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and regulatory obligations or until you withdraw your consent (where applicable).
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we use personal information and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.
Job Applicants
When you visit the Careers portion of the website, when you apply for a role at Qualtrics, and/or when you interact with the Qualtrics recruitment team, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We will process such information in accordance with this entire Privacy Policy. In addition, we use this information on the basis of our legitimate business interests to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, to monitor recruitment statistics and to respond to surveys. We may also use this information to provide improved administration of the services and as otherwise necessary (i) to comply with relevant laws or to respond to subpoenas or warrants served on us, (ii) to protect and defend ours or others’ rights or property, (iii) in connection with a legal investigation and (iv) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy or our Terms of Use (or other valid agreement between Qualtrics and your company).
EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, and the UK Extension to the EU-US Data Privacy Framework
Qualtrics LLC complies with the EU-U.S. Data Privacy Framework (EU-US DPF), the UK Extension to the EU-U.S. DPF (UK-US DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-US DPF) as set forth by the U.S. Department of Commerce (collectively, the DPF). Qualtrics LLC has certified to the U.S. Department of Commerce that it adheres to the DPF with regard to the processing of personal information received from the European Union, the United Kingdom (and Gibraltar) and Switzerland in reliance on the DPF. While Qualtrics complies with the DPF, Qualtrics does not transfer personal data pursuant to the DPF and continues to rely on EU Commission or UK government adequacy decisions or on contractual protections for the transfer of personal information, including the EU Standard Contractual Clauses. If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern to the extent applicable to the personal data at issue. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/. The Federal Trade Commission has jurisdiction over Qualtrics LLC’s compliance with the DPF. In accordance with the DPF, Qualtrics LLC is liable for onward transfers to third parties that process personal information in a way that does not follow the DPF unless Qualtrics LLC was not responsible for the event giving rise to any alleged damage.
Independent Recourse Mechanism
Qualtrics LLC commits to refer DPF Principles-related complaints about our collection and use of personal information. If you have any inquiries or complaints about our handling of your personal information received in reliance on the DPF, or about our privacy practices generally, please contact us at: [email protected]. We will respond to your inquiry promptly.
If you have an unresolved complaint concerning our handling of personal information received in reliance on the DPF that we have not addressed satisfactorily, please contact our U.S. based independent third-party dispute resolution provider, the International Centre for Dispute Resolution – American Arbitration Association (ICDR-AAA) (free of charge) at https://go.adr.org/dpf_irm.html. If neither Qualtrics nor the ICDR-AAA resolves your complaint, you may, in certain cases, pursue binding arbitration through the DPF Panel. To learn more about the DPF Panel, visit here.
Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you and take any other steps required by applicable law.
How to Contact Us
Responsible entity. Qualtrics, LLC is the entity responsible for the processing of personal information under this Privacy Policy (as a controller, where provided under applicable law).
Contact us. If you have any questions or comments about this Policy or our privacy practices, please contact us by email at [email protected] or write to us at 333 W River Park Drive, Provo, Utah 84604, USA, marking for the attention of the Legal team.
EEA and UK Representative Contact Information. For users in the EEA, we have appointed Qualtrics Ireland Limited, at One Clarendon Row, Dublin 2, Ireland, as our EU data representative, and QUL Technologies Limited, at 5 New Street Square, London, United Kingdom, EC4A 3TW as our UK data representative. You can contact our EU and UK representatives at the addresses above or alternatively at [email protected].