Gartner Data Privacy Framework Notice
Effective: May 2024
Participation and Personal Information Covered
Gartner, Inc. and its United States affiliates, including Evanta, Capterra, Software Advice, and UpCity (hereinafter the “Gartner Group Companies”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
The Gartner Group Companies have certified to the U.S. Department of Commerce that it adheres to (1) the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, (2) from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF, and (3) to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data Privacy Framework website.
Our Data Privacy Framework certifications covers categories of personal information regarding current, former, and prospective associates in connection to their employment relationship with us, as described in the applicable Gartner Associate Data Protection Policy and Applicant Privacy Policy.
Accountability for Onward Transfers
Our certifications do not cover any disclosure of an individual’s personal information to a third party who processes personal information for its own purposes when the disclosure is made at the request of the individual. We may disclose personal information to third party service providers in connection with the operation of our business, including administering our employment relationships, and ensure that these third party service providers provide at least the same level of privacy protection as is required by the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. We may be liable if third parties fail to meet these obligations and we are responsible for the event giving rise to the damage.
The Gartner Group Companies may be required to disclose personal information to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.
Individual rights
Individuals whose personal information is covered by this Notice have the right to access the personal information that Gartner Group Companies maintain about them as specified in the DPF Principles. Individuals may contact us to correct, amend or delete such personal information if it is inaccurate or has been processed in violation of the DPF Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated). Individuals may also have the right to limit the use and disclosure of their personal information (opt out) under certain circumstances. Requests to access, correct, amend, delete, or limit the use and disclosure of personal information (opt out) may be submitted to www.gartner.com/personaldatarequest.
Enforcement
In compliance with the DPF Principles, Gartner Group Companies commit to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding this Notice should first contact the Gartner Data Protection Office at: privacy@gartner.com.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Gartner commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
Under certain conditions, individuals may have the possibility to engage in binding arbitration through the applicable Data Privacy Framework Panel. The Gartner Group Companies are also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.