PRIVACY POLICY
Effective Date: September 15, 2022
This Privacy Policy (“Policy”) applies to www.xactlycorp.com (the “Site”) and the Xactly platforms; including Xactly Incent Enterprise™, Xactly Incent Express™, Xactly Insights™, Xactly Objectives™, Xactly Alignstar™, Xactly Forecasting™, Xactly Territories™, Xactly Commission Expense Accounting ™, Obero™, and other Xactly products and services (collectively the “Platforms”) owned and operated by Xactly Corporation (“Xactly” or “we” or “us”). Xactly has created this Policy in order to demonstrate our commitment to data privacy. Since we gather information from our visitors and customers, we have established this Policy to communicate our information gathering and management practices as well the choices we have made regarding how we use the information we collect. It also describes the choices available to you regarding the use of, your access to, and how to update and correct your personal data.
The collection and use of personal data collected by Xactly is limited to the purpose of providing the service for which the customer has engaged Xactly, for enhancing our products and services, and for communication with visitors and potential customers who have provided their information. Xactly collects the following types of personal data:
Registration Information - In order to access certain portions of the Site or for an Xactly-hosted webinar, you will be required to register by providing certain limited information regarding you and the company you represent such as name, email address, address, and phone number.
Financial Information - We collect payment and billing information when you register for paid products or services. This information will only be used to process payments for services provided by us.
Customer Support Records and Surveys - We may record and monitor calls and keep a record of your correspondence with us to deal with your inquiry and for quality and training purposes. We will ask for your consent prior to recording any call. Also, we collect feedback and other personal information through optional surveys.
Testimonials - We display personal testimonials of satisfied customers on our Site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at support@xactlycorp.com.
Mobile - When you download our mobile application and use our services, we automatically collect information on the type of device and operating system version you use. We use mobile analytics software to allow us to better understand the functionality of our mobile software application on your phone. This mobile analytics software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.
Location Information – The Site and Xactly platforms may collect your precise location if you grant it permission to do so.
Usage and Behavioral Data - As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp, and/or clickstream data. We use IP addresses to analyze trends, administer the Site, track user movement, and gather broad demographic information for aggregate use. IP addresses and other data that we automatically collect are not linked to personally identifiable information.
Xactly collects this information and engages third parties to collect personal data to assist us for a variety of reasons, including personalizing your experience, improving our products, contacting visitors to further discuss their interest in our company, sending information regarding Xactly, and providing technical support and security. Xactly and the third parties we engage may combine the information we collect with information obtained from other sources to help us improve its overall accuracy and completeness, and to help us better tailor our interactions with you. Any visitor and personal data collected by Xactly will not be distributed or shared with any third parties under any circumstance other than as outlined in this Policy. Customers can opt out of being contacted by us, or receiving such information from us, at any time by following the unsubscribe instructions contained in the email communications you receive or by unsubscribing at this link. We may work with partners or sponsors to provide access to content. When you access such content, we may share your personal data with the associated partners or sponsors.
Xactly and our partners, marketing partners, affiliates, or analytics or service providers, such as our online customer support technology provider, use cookies or similar technologies to administer the website, track users’ movements around the website, and gather demographic information about our user base as a whole. We may receive individual or aggregated reports based on the use of these technologies from these companies.
When you interact with the Site and Platforms, we strive to make that experience easy and meaningful. When you come to our Site and Platforms, our web server may send a cookie to your computer. Cookies are files that web browsers place on a computer’s hard drive and are used to tell us whether customers and visitors have visited the Site previously. Standing alone, cookies do not identify you personally. They merely recognize your browser. Unless you choose to identify yourself to Xactly by other means, such as requesting a download, logging into Xactly’s applications, or registering for a demo or webinar, you remain anonymous to Xactly. If you do not accept cookies from the Site, you cannot access certain portions of the Site or Platforms without registering again each time you would like to access restricted information.
The use of cookies by third parties on the Site is not covered by this Policy. We do not have access or control over these cookies.
We partner with one or more third-party ad networks to either display advertising on our Site or to manage our advertising on other sites. Our ad network partners use cookies and web beacons to collect personal data about your activities on the Site and other web sites to provide you targeted advertising based upon your interests.
If you would prefer to not receive personalized ads based on your browser or device usage, you may generally express your opt-out preference to no longer receive tailored advertisements. Please note that you will continue to see advertisements, but they will no longer be tailored to your interests.
To opt out of interest-based advertising by participating companies in the following consumer choice mechanisms, please visit:
- Digital Advertising Alliance (DAA)’s self-regulatory opt-out page and mobile application-based “AppChoices” download page
- European Interactive Digital Advertising Alliance (EDAA)'s consumer opt-out page
- Network Advertising Initiative (NAI)’s self-regulatory opt-out page
In the mobile environment, most mobile operating systems offer device-based opt-out choices that are transmitted to companies providing interest-based advertising. To set an opt-out preference for a mobile device identifier (such as Apple's IDFA or Android's GAID), visit the device manufacturer's current choice instructions pages, or read more about sending signals to limit ad tracking for your operating system.
Please note that these settings must be performed on each device (including each web browser on each device) for which you wish to opt out, and if you clear your cookies or if you use a different browser or device, you will need to renew your opt-out preferences.
Our Site includes social media features, such as the Facebook Like button (“Features”). These Features may collect your IP address, which page you are visiting on our Site, and may set a cookie to enable the Features to function properly. The Features on the Site are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing the Feature.
We display personal testimonials of satisfied customers on our Site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at support@xactlycorp.com.
Xactly strives to comply with all applicable laws worldwide that are designed to protect your privacy. Although legal requirements may vary by jurisdictions, Xactly intends to adhere to the principles set forth in this Policy. Our goal is to provide protection for your personal data no matter where that personal data is collected, transferred, or retained.
Users from European Union (EU) member countries and Switzerland are provided with further information under the Privacy Shield section of this Policy.
Regardless of the country of origin or residence, Xactly may process your personal data in the U.S. Xactly collects and transfer to the U.S. personal data only:
- with your consent;
- to perform a contract with you or to provide a service to you;
- for purposes of communicating with you; or
- to fulfill a compelling legitimate interest of Xactly in a manner that does not outweigh your rights and freedoms.
Xactly takes care to apply suitable safeguards to protect the privacy and security of your personal data and to only use it consistent with your relationship with Xactly and the practices described in this Policy. Xactly also minimizes the risk to your rights and freedoms by not collecting or storing sensitive information about you.
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects.
This Policy is intended to provide you with information about what personal data Xactly collects about you and how it is used. If you have any questions, please contact us at privacy@xactlycorp.com.
If you wish to confirm that Xactly is processing your personal data, or to have access to the personal data Xactly may have about you, please contact us at privacy@xactlycorp.com.
You may also request information regarding:
- the purpose of the processing;
- the categories of personal data concerned;
- who else outside Xactly might have received the data from Xactly;
- what the source of the information was (if you didn’t provide it directly to Xactly); and
- how long it will be stored.
You have a right to correct (rectify) the record of your personal data maintained by Xactly if it is inaccurate. You may request that Xactly erase that data or cease processing it, subject to certain exceptions. You may also request that Xactly cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Xactly processes your personal data. When technically feasible, Xactly will—at your request—provide your personal data to you or transmit it directly to another controller.
Reasonable access to your personal data will be provided at no cost upon request made to Xactly at privacy@xactlycorp.com. If access cannot be provided within a reasonable time frame, Xactly will provide you with a date when the information will be provided. If for some reason access is denied, Xactly will provide an explanation as to why access has been denied.
Xactly takes substantial precautions to protect data and information under its control from misuse, loss, or alteration. We utilize some of the most advanced technology available today for internet security and are constantly taking measures to adjust to the changing security landscape. As such, Xactly maintains layered, defense-in-depth security measures, including hosting our solution in a Tier IV (the highest recognized level) datacenter, to allow only authorized personnel access to your information. When you provide us with sensitive information (such as your login credentials), we transmit your personal data in an encrypted state. Unfortunately, no system can ensure complete security, and Xactly disclaims any liability resulting from use of the Site. If you have any questions regarding security on our Site, you can contact us at privacy@xactlycorp.com.
The Site contains links to other web sites. Xactly is not responsible for the privacy practices or the content of these other web sites. Visitors are advised to check the privacy policies of other web sites to understand their policies. Accessing a linked web site may expose your private information.
Through this Policy, Xactly hereby informs you of the purpose for which it collects and uses personal data. Xactly will notify you in the event of any unintentional disclosure of your personal data to a third party. You have the option to limit the use of any personal data through the means described herein.
Xactly provides you with a choice to opt out of disclosure of your personal data to a third party or the use of personal data for something other than it was originally collected. If you would like to opt out, please contact privacy@xactlycorp.com or write to us at the address below.
Xactly collects information under the direction of its customers and has no direct relationship with the individuals whose personal data it processes. If you are an individual whose personal data was provided to Xactly by an Xactly customer (such customer the “data controller”) and would no longer like to be contacted by the data controller that uses our service, please contact the data controller that you interact with directly.
Xactly may transfer personal data to companies that help us provide our services to our customers and users such as an email service provider to send emails on our behalf and a career management partner to collect potential employee information. Transfers to these third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our customers.
We reserve the right to disclose personal data as required by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
In the event Xactly goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data will likely be among the assets transferred. You will be notified via either email or prominent notice on our Site 30 days prior to any such change in ownership or control of your personal data.
Xactly shall use information collected for its relevant and intended purpose only. If there is any change of use of the personal data collected, Xactly shall inform you and gain your approval before making such changes to the use of the personal data collected. Further, Xactly shall take reasonable steps to ensure that the personal data collected is accurate and reliable for its intended use.
Upon request Xactly shall provide you with information about whether we hold any of your personal data and reasonable access, as required by law, to your personal data in order to confirm that it is correct or to amend or delete inaccurate information. If you need to correct, update, or remove personal data provided to Xactly, please contact Xactly at privacy@xactlycorp.com or by our postal mail at the contact information listed below.
Xactly acknowledges that you have the right to access your personal data. Xactly has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct the query to the Xactly customer who provided the personal data to Xactly (such customer, the “data controller”). If the data controller needs to contact Xactly to request Xactly remove the data, such data controller can contact us at: privacy@xactlycorp.com. We will endeavor to respond to all requests for within 30 days.
Xactly will retain your personal data and the personal data we process on behalf of our customers for as long as needed to provide services to our customers. Xactly will retain and use this personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Xactly participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. We are committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom, and Switzerland, respectively, to the United States in reliance on each Privacy Shield Framework and their applicable principles, respectively. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.
Recently, the European Court of Justice (CJEU) invalidated the EU-U.S. Privacy Shield program and ruled that standard contractual clauses (SCC) need to be evaluated on a case-by-case basis for transferring data from the EU. With this decision, you may be wondering how does this impact you and how Xactly manages data flows to the U.S.
Our standard DPA already includes the standard contractual clauses (SCC), click here to download our DPA. If you already have an executed DPA or SCC in place with Xactly, no further action is required.If you do not, please contact us at privacy@xactlycorp.com to get them in place. Based on the CJEU’s ruling, as well as statements from the U.S. Secretary of Commerce and the European Commission, Xactly has begun work with the certification bodies to evaluate alternative assurance program options that will preserve the Privacy Shield program's core principles and standards for protecting personal data by commercial enterprises, along with a review of the standard contractual clauses that are already within our DPA.
Xactly is responsible for the processing of personal data it receives under each Privacy Shield Framework and subsequent transfers to a third party acting as an agent on its behalf. Xactly complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, the United Kingdom, and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Xactly is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Xactly remains committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom, and Switzerland, respectively, to the United States in reliance on each Privacy Shield Framework and their applicable principles, respectively.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Xactly has established internal mechanisms to verify its ongoing adherence to this Policy. Xactly encourages individuals covered by this Policy to raise any concerns about our processing of personal data by contacting us at: privacy@xactlycorp.com or at the address listed below.
Xactly Corporation
221 Saratoga-Los Gatos Road
Los Gatos, CA 95030
United States
After a complaint or concern is received, Xactly will work internally to resolve the issue. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge).
Xactly is headquartered in Los Gatos, California, in the United States. Xactly has appointed an internal data protection officer for you to contact if you have any questions or concerns about Xactly’s personal data policies or practices. Xactly’s data protection officer’s name and contact information are as follows:
Anthony Lee-Masis
Xactly Corporation
221 Saratoga-Los Gatos Road
Los Gatos, CA 95030
Local Phone: +1.408.977.3132
Email: privacy@xactlycorp.com
This Policy may be amended from time to time. We will notify you by email sent to the e-mail address specified in your account or by means of a prominent notice on this Site prior to any material amendments becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
The General Data Protection Regulation (GDPR) is a European privacy law that took effect on May 25, 2018. This law is an important step forward in streamlining data protection requirements across the European Union.
Xactly is compliant with the requirements of GDPR and able to demonstrate compliance.
Additional Resources
Last Modified: April 6, 2021
Xactly uses sub-processors to assist in providing Xactly’s service offerings (“Services”), as more fully described in the applicable subscription and services agreement (“Agreement”) entered into by and between the Customer named in such Agreement and Xactly. For purposes of this document, “Xactly” means the Xactly entity which is a party to the Agreement, as specified in the Agreement being Xactly Corporation, a company incorporated in Delaware, or Obero Technologies, Inc., a company incorporated in Canada, as applicable.
Sub-processors
Sub-processor
A sub-processor is any entity engaged by Xactly to process Personal Data on behalf of Xactly as a Processor and you as the Data Controller. A sub-processor has or will potentially have access to or process Personal Data. Xactly requires sub-processors to satisfy equivalent obligations as those required by Xactly as a Data Processor as more fully set forth in Xactly’s Data Processing Addendum (“DPA”).
If you are an Xactly Customer and wish to enter into our DPA, you can download our DPA, or email us at privacy@xactlycorp.com.
The following is a list of Xactly sub-processors:
Sub-processors
Xactly works with certain sub-processors to provide specific functionality within the Services. In order to provide the relevant functionality these sub-processors process Personal Data.
Entity Name |
Primary Purpose |
Applicable Services |
Akamai Technologies, Inc. |
Content Delivery Network and Web Acceleration |
Incent Suit, Insights |
Amazon Web Services, Inc. |
Cloud Services Provider and Content Delivery Network |
AlignStar for Salesforce, SimplyComp, Territories, Forecasting |
Databricks, Inc. |
Machine Learning and AI features |
Incent Suite, Framework, Insights, Obero SPM, Xactly Commission Expense Accounting, Advanced Quota Planning, Territories, AlignStar for Salesforce |
The Rocket Science Group, LLC (Mailchimp) |
Customer Communication |
Incent Suite, Insights |
Microsoft Corporation |
Cloud Service Provider and Content Delivery Network |
Obero SPM, Xactly Commision Expense Accounting, Advanced Quota Planning |
Pendo.io Inc. |
Analytics Management Platform |
All |
Recurly, Inc. |
Billing and Subscription Management |
SimplyComp |
Salesforce.com |
Cloud Service Provider and Content Delivery Network |
Express, AlignStar for Salesforce |
Khoros, LLC |
Customer Engagement Platform |
All |
Oracle Corporation and its affiliates |
Cloud Service Provider and Content Delivery Network |
Incent Suite, Insights |
Salesforce.com, Inc. |
Customer Relationship Management |
All |
SendGrid, Inc. |
Customer Communication |
SimplyComp |
Snowflake, Inc |
Data Lake |
Incent Suite, Framework, Insights, Obero SPM, Xactly Commission Expense Accounting, Advanced Quota Planning, Territories, AlignStar for Salesforce |
Workday, Inc. |
Financial Management Application |
All |
Xactly Affiliate Sub-processors
Xactly may also engage one or more of the following affiliates as sub-processors to deliver some or all of the Services and may access Personal Data.
Entity Name |
Entity Country |
Xactly Australia |
Australia |
Xactly Canada, Inc. |
Canada |
Xactly Corporation, Inc |
United States |
Xactly France SAS |
France |
Xactly Germany Gmbh |
Germany |
Xactly Limited |
United Kingdom |
Xactly Technologies India Private Limited |
India |
TopOpps, Inc. |
United States |
Updates
As our business grows and evolves, the sub-processors we engage may also change. We will endeavor to provide the owner of customer’s account with notice of any new sub-processors to the extent required under the Agreement, along with posting such updates here.
Xactly's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy including the Limited Use requirements.
Privacy Notice for California Residents
Effective Date: January 1, 2020
Your privacy is very important to us. This Privacy Notice for California Residents supplements the information contained in Xactly Corporation's Privacy Policy (“Policy”), and under the California Consumer Privacy Act of 2018 (“CCPA“), California residents ("consumers" or "you") have certain rights around Xactly’s collection, use, and sharing of their personal information.
Xactly does not sell your personal information and will not do so in the future without providing you with notice and an opportunity to opt out of such sale as required by law. Similarly, we do not offer financial incentives associated with our collection, use, or disclosure of your personal information.
Information We Collect
Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, the Xactly website, www.xactlycorp.com (“Website”), has collected the following categories of personal information from its consumers within the last twelve (12) months:
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the California Consumer Privacy Act's (“CCPA”) scope, including but not limited to:
- health or medical information covered by
- the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- California Confidentiality of Medical Information Act (CMIA)
- clinical trial data
- personal information covered by certain sector-specific privacy laws:
- the Fair Credit Reporting Act (FRCA)
- the Gramm-Leach-Bliley Act (GLBA)
- California Financial Information Privacy Act (FIPA)
- the Driver's Privacy Protection Act of 1994
Xactly Corporation obtains the categories of personal information listed above from the following categories of sources:
- Directly from you or your agents. For example, from documents that you or your agents provide to us related to the services for which you engage us.
- Indirectly from you or your agents. For example, through information we collect from you in the course of providing services to you.
- Directly and indirectly from activity on our website (www.xactlycorp.com). For example, from submissions through our website portal or website usage details collected automatically.
- From third-parties that interact with us in connection with the services we perform. For example, from prospective customers when we prepare RFPs for our products or services.
Use of Personal Information
We may use, or disclose the personal information we collect for one or more of the following business purposes:
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
- To provide you with support and to respond to your inquiries.
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Xactly Corporation's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Xactly Corporation about our Website users is among the assets transferred.
Xactly Corporation will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
Xactly Corporation may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
- We share your personal information with the following categories of third parties:
- Service providers
- Data aggregators
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose:
- Category A: Identifiers.
- Category B: California Customer Records personal information categories.
- Category D: Commercial information.
- Category F: Internet or other similar network activity.
- Category G: Geolocation data.
We disclose your personal information for a business purpose to the following categories of third parties:
- Service providers
- Data aggregators
Sales of Personal Information
In the preceding twelve (12) months, Company has not sold personal information
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that Xactly Corporation disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that Xactly Corporation delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable request to us by either:
- Completing the following form
- Emailing us at privacy@xactlycorp.com
- Calling us at 1-855-467-5740
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Other California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@xactlycorp.com or write us at:
Xactly Corporation
Attn: Data Privacy Officer
221 Saratoga-Los Gatos Rd.
Los Gatos, CA 95030
United States
Changes to Our Privacy Notice
Xactly Corporation reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice's effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this notice, the ways in which Xactly Corporation collects and uses your information described below and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: 1-855-467-5740
Website: www.xactlycorp.com
Email: privacy@xactlycorp.com
Postal Address:
Xactly Corporation
Attn: Data Privacy Officer
221 Saratoga-Los Gatos Road
Los Gatos, CA 95030
United States
Xactly Tools
Xactly recognizes that many of our customers are subject to at least some privacy-related laws that govern the handling of personal data. We seek to support our customers’ compliance with such laws by providing a comprehensive privacy and security program that includes technology, policies, practices, people and certifications.
Xactly has privacy and security policies that apply to all of our information handling practices.
Privacy Statement
• For information collected, Xactly provides assurances about the types of information collected, how that information may be used, and how that information may be shared.
• Xactly offers individuals the opportunity to manage their receipt of marketing and other non-transactional communications.
• Xactly offers individuals the opportunity to update or change the information they provide.
Xactly’s comprehensive privacy program includes ongoing education and communication with personnel and customers about current issues and best practices.
Internal Training and Communications for Xactly Personnel
• Xactly provides privacy training to all employees and contractors at hire and on an annual basis thereafter.
• Xactly regularly communicates with our personnel about our obligation to safeguard confidential information, including customer data and personal data.
Customer End User Awareness
• Xactly strongly encourages all of our customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks.
• Xactly maintains a proactive client communication process which includes notifying end users about specific privacy issues, when warranted.
• The Xactly help system contains information about implementing customer-controlled security settings within the application.
• The security section of the Trust website includes a security-related white paper.
For additional questions, or to be taken off our marketing lists, please send an e-mail to privacy@xactlycorp.com or to the contact information above.