This privacy notice only covers your activity on the public support website (support.veeva.com/hc/en-us). Our privacy practices for registered support portal users are described in our Privacy Notice for Users of Veeva Applications.

We collect the following types of information through our support website:

• Device & Usage: We collect device and usage information such as cookie records, browser type, internet service provider (ISP), device IP address, operating systems and versions, device motion data, web beacons and clickstream data.
• Surveys: If you complete a survey on our support website, we collect information you provide in your response to the survey.

When you visit our support website, we collect your information directly from you and indirectly by observing your actions on our support website or from your device. This includes collecting information using analytic tools and other tracking technologies. Please see our Cookie Notice for more information.

When you visit the support website, we collect your information to help us understand how you interact with us, to provide you with relevant information and services, and to help us to ensure the support website is working as designed. This may include processing personal information as necessary to analyze, improve and optimize the delivery and use of our support website and its security. We do not make decisions about you which have legal or similarly significant effects on you, based solely on the automated processing, including profiling, of your information. We do not sell your personal information or share it with third parties for cross-context behavioral advertising.

We may share personal information internally and with our subsidiaries and third parties for the following purposes:

• to support the purposes described in the section above entitled “Why We Collect Information and How We Use It”;
• to enable third parties to provide services on our behalf;
• to comply with applicable law, legal obligations and valid legal processes such as search warrants, subpoenas, and court orders;
• as necessary to establish, exercise or defend against potential, threatened or actual litigation;
• when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate or prevent fraud or other illegal activity;
• in connection with a merger, sale or asset transfer; and
• for additional purposes with your consent, where consent is required by law.

When we share your personal information, we will take reasonable steps to ensure that we only share the minimum personal information necessary for the specific purpose and circumstance.

Scope

We use information-gathering tools, such as cookies, pixels and web beacons, to collect information about you as you navigate our support website. These technologies are used in analyzing trends, administering the site, and tracking users’ movements around the site.

Cookies

When you visit the support website, our website asks your browser to store small text files called “cookies” on your device. Cookies are used to collect information about you, your preferences or your device. The cookies that are set by us are called first-party cookies. We mostly use cookies to collect information to make the site work as you expect it to, to analyze site usage and to provide a more personalized web experience. Some cookies may be stored on the support website that are not controlled by us; these are called third-party cookies. These cookies may be stored when the part of the support website you visit makes use of functionalities or features that are provided by third-parties whose services support the provision of the support website (e.g., to manage incoming site traffic, for rate limiting or bot management). We encourage you to review the privacy and cookie policies of these services to find out how these third parties use cookies. We do not use targeting cookies.

We classify cookies into the following categories:

• Strictly Necessary. These cookies are necessary for our support website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences or filling in forms. You can set your browser to block or alert you about these cookies, but if you do, some parts of the site will not work. These cookies do not store any personally identifiable information.
• Performance. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
• Functional. These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then these services or features may not function properly.

You can delete all cookies that are stored in your browser, and you can set most browsers to prevent them from being placed. If you do so, you may have to manually adjust some preferences every time you visit the support website and some services and functionalities may not work. Please note that your choices are specific to the website you are navigating and to the device and browser you are using, and that removing or blocking non-required cookies can negatively impact your user experience and may cause some of the services available through the support website, including certain features and general functionality, to work incorrectly or no longer be available.

For more information about how cookies work, see aboutcookies.org.

Web Beacons and Similar Technologies

We use web beacons and similar technologies to understand how you use the support website and interact with emails from us. Web beacons are clear electronic images that help us understand what content you have accessed. Web beacons do not place information on your device, but they may work in conjunction with cookies to monitor website activity. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. We use web beacons to operate and improve our websites and email communications.

Global Privacy Controls

Global Privacy Controls are mechanisms that allow you to opt out of the sale of your personal information or the use of your personal information for targeted advertising purposes. If you turn on a Global Privacy Control setting and we detect an opt out preference signal, we will honor that preference.

We only keep your information for as long as it is necessary and relevant for the purposes described in this privacy notice. We retain device and usage information for up to one year (or as otherwise required by law).

We offer you certain controls over your information that we manage related to you on our support website. These controls may include the right to access, delete, correct, transfer and opt-out or object to the processing of your information. If you choose to exercise your rights, we will respond to your request in accordance with applicable laws, which may vary depending on where you live.

To opt out of our use of non-necessary cookies used on the support website, visit our Cookie Preference Center, which is accessible from the global footer of the support website. If you wish to exercise your privacy rights, click here or call us, (free of charge) at 1 (877) 807-3230. We will respond to your request in accordance with applicable laws, depending on where you live. In order to process your request, we require certain information about you. We will only use this information to verify your identity and facilitate the processing of your request. We may require you to provide proof of your identity.

You may use an authorized agent to submit a request on your behalf. Authorized agents can submit requests using the Authorized Agent and Requests Form. Authorized agents must provide a signed permission or power of attorney to submit requests on behalf of consumers.

There may be times when we are unable to fulfill your request; in those cases, we will let you know why we are unable to fulfill your request. If we deny or are otherwise unable to fulfill your request, you may have the right to appeal. To submit an appeal, you may use our Privacy Requests Appeal Form.

Our support website is not designed for or directed at children, and we do not knowingly collect personal information from children under the age of 18. If you believe we may have mistakenly collected the personal information of a minor without appropriate consent, please contact us using the methods described in the “Contact Us” section, and we will investigate and promptly address the issue.

We maintain a privacy and security program with technical, physical and organizational safeguards designed to protect against the wrongful access, use or disclosure of personal information, and to provide a level of security which we believe is appropriate to the risk our processing of your personal information poses to your privacy.

We regularly review and modify our security measures to reflect changing technology, laws and regulations, risk, industry and security practices and other business needs.

We are a global company. As a global company, we may transfer your personal information to various locations around the world for the purposes described in this privacy notice. We apply the protections and limitations described in this privacy notice regardless of where we process your personal information.

We also comply with various legal frameworks that enable the cross-border transfer of personal information. Where required, we rely on transfer mechanisms that lawfully support data transfer to locations that are not considered “adequate” by the appropriate data protection authority, which may include standard contractual clauses, obtaining your consent or another recognized transfer mechanism.

Data Privacy Framework

Veeva Systems Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF (UK Extension), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the (i) EU-U.S. DPF Principles with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension, and (ii) Swiss-U.S. DPF Principles with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program and to view our certification visit the Data Privacy Framework Program website.

The DPF applies to European, Swiss and UK individuals whose personal information is transferred to the United States. In compliance with the DPF, we allow these individuals the opportunity to choose (through an opt-out mechanism) whether their personal information is to be disclosed to a third party or used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized. The Your Controls section provides more information about these rights and the mechanisms we provide to exercise them. If we collect sensitive personal information on these individuals, we will obtain explicit consent before disclosing sensitive personal information to a third party or using it for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized.

If you have questions or concerns regarding our handling of your personal information under the DPF or about our privacy program generally, please contact us at privacy@veeva.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider, TrustArc, (free of charge) at feedback-form.trustarc.com/watchdog/request. If neither process resolves your question or concern, you may be able to pursue binding arbitration; visit the Data Privacy Framework Program website for more information about how to submit a complaint.

The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF. We remain responsible for personal information that we transfer to third parties for processing on our behalf. We may be required to disclose personal information that we handle under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, as described in more detail by our Government Access Request Policy.

If you wish to exercise your privacy rights, please refer to the Your Controls section above. If you have any questions about our privacy practices, you can contact our Chief Privacy Officer at:

Veeva Systems Inc.
4280 Hacienda Drive
Pleasanton, CA 94588 USA
privacy@veeva.com

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider, TrustArc, (free of charge) at feedback-form.trustarc.com/watchdog/request.

From time to time, we may change this privacy notice to reflect changing technology, laws, regulations, risk, industry and security practices and other business needs. The most recent version will be found on this website; we post its effective date at the top. If we make a material update, we may notify you by posting notice on our website or by other means, consistent with applicable law.

Veeva Systems Inc. is the data controller for our support website. The legal basis for processing your personal information is our legitimate interest in providing and operating our support website.

Refer to the section of this privacy notice entitled “Your Controls” for information on how to exercise your rights. The categories of personal information we collect include:

• Identifiers such as a real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address and account name.
• Personal Information categories as defined in the California Customer Records statute, Cal. Civ. Code Section 1798.80, such as name, education, employment, employment history and financial information.
• Internet or other electronic network activity information, such as browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems and advertisements.

We collect this information to support the purposes described in the section of this privacy notice entitled “Why We Collect Information and How We Use It”. We collect your personal information from the sources described under the “How We Collect Information” section of this privacy notice.

We disclose the information from the above listed categories for the purposes and to the categories of recipients described in the section of this privacy notice entitled “Sharing Your Information”. We do not use or disclose sensitive personal information for any purpose other than those specified in Section 7027(m) of the CCPA regulations.