California Consumer Privacy Act (CCPA)
Effective Date: July 14, 2023
Your privacy is important to us. This Privacy Notice for California Residents (“Notice”) supplements the information contained in the Policy, and under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, “CCPA“), California residents (“consumers” or “you“) have certain rights regarding Xactly’s collection, use, and disclosure of their personal information.
Notice of Financial Incentive
You have the right to receive equal service and price and not be discriminated against even if you exercise any of your CCPA rights. However, the CCPA allows us to offer certain financial incentive programs that may result in different prices, rates, or quality levels as long as we obtain your prior opt-in consent and the difference in price, rates or quality levels is directly related to the value that is provided to us by your personal information. To the extent Xactly is offering any financial incentives, they will be posted here.
This Notice does not apply to:
- Our handling of personal information that is exempt under Section 1798.145 of the CCPA; or
- Personal information that we collect about employees, contractors, or job applicants.
Information We Collect
Our Site collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, the Site has collected the following categories of personal information from its consumers within the last twelve (12) months:
| Category | Retention Period | General Example |
| (A) Identifiers | See How Long Do We Keep Your Personal Information? | A real name, unique personal identifier, online identifier, Internet Protocol address, or email address. |
| (B) Personal Information categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)) | See How Long Do We Keep Your Personal Information? | A name, email, address or telephone number. |
| (D) Commercial information | See How Long Do We Keep Your Personal Information? | Records of products purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
| (F) Internet or other electronic network activity information | See How Long Do We Keep Your Personal Information? | Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement. |
| (G) Geolocation data | See How Long Do We Keep Your Personal Information? | Physical location/address. |
| (K) Inferences | See How Long Do We Keep Your Personal Information? | Inferences drawn from your online behavior or purchases to create a profile of your preferences. |
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Certain other information excluded from the CCPA’s scope that is already regulated by other laws or regulations.
Xactly obtains the categories of personal information listed above from the following categories of sources:
- Directly from you or your agents. For example, from documents that you or your agents provide to us related to the Platforms for which you engage us.
- Indirectly from you or your agents. For example, through information we collect from you in the course of providing the Platforms to you.
- Directly and indirectly from activity on our Site. For example, from submissions through our Site portal or Site usage details collected automatically.
- From third-parties that interact with us in connection with the services we perform. For example, from prospective customers when we prepare RFPs for our Platforms.
Use of Personal Information and Sale and/or Sharing of Personal Information
We may use, or disclose the personal information we collect for one or more of the business purposes in the table below.
Under the CCPA, “personal information” includes information that is not necessarily directly tied to an individual’s identity but may be associated with a device. This includes identifiers such as IP addresses, web cookies, web beacons, and mobile Ad IDs. In many cases, these types of information do not directly identify you, but they are unique identifiers that could be linked to you and therefore covered by the CCPA. The term “sell” is broadly defined to include not just selling in exchange for money, but also sharing personal information (including information that does not directly identify an individual as described above) in exchange for anything of value, which is not limited to the exchange of money. Under the CCPA’s broad definition of “sell,” which includes even the common flow of information in the digital analytics and advertising ecosystem, Xactly does “sell” personal information. Like most companies that operate websites, Xactly uses online analytics to measure the ways users engage with our Site and to provide targeted marketing. These analytics, in turn, inform how we perform online advertising. As such, Xactly “shares” (as defined by CCPA) your personal information for cross-contextual behavioral advertising. In order to provide these analytics and facilitate online advertising, we use third-parties that collect device identifiers and place tags, cookies, beacons, and similar tracking mechanisms on our digital properties and on third-party digital properties as set forth in our Cookie Notice
| Personal Information | |||
| Categories of Personal Information | Retention Period | Business Purpose | Sold or Shared |
| (A) Identifiers(B) Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
(D) Commercial information (F) Internet or other electronic network activity information (G) Geolocation data |
See How Long Do We Keep Your Personal Information? | To provide the Platform and Site, including to fulfill orders. | Yes |
| (A) Identifiers(B) Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
(D) Commercial information (F) Internet or other electronic network activity information (G) Geolocation data |
See How Long Do We Keep Your Personal Information? | To provide you with support and to respond to your inquiries. | Yes |
| (A) Identifiers(D) Commercial information
(F) Internet or other electronic network activity information (G) Geolocation data (K) Inferences |
See How Long Do We Keep Your Personal Information? | For testing, research, analysis, and product development, including to develop and improve our Site and Platforms. | Yes |
| (A) Identifiers(B) Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
(D) Commercial information (F) Internet or other electronic network activity information (G) Geolocation data (K) Inferences |
See How Long Do We Keep Your Personal Information? | To market or advertise new or existing Platforms to you. | Yes |
| (A) Identifiers
(B) Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (D) Commercial information (G) Geolocation data |
See How Long Do We Keep Your Personal Information? | To retain records as may be required, for instance for legal and financial purposes. | Yes |
| (A) Identifiers(B) Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
(D) Commercial information (F) Internet or other electronic network activity information (G) Geolocation data (K) Inferences |
See How Long Do We Keep Your Personal Information? | To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Xactly’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Xactly about our Site users is among the assets transferred. | Yes |
| Any category of personal information as may be required and only as outlined in this Privacy Notice | See How Long Do We Keep Your Personal Information? | To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. | No |
Xactly will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Disclosures of Personal Information for a Business Purpose and/or Commercial Purpose
Xactly may disclose your personal information to a third party for a business and/or commercial purpose. When we disclose personal information for a business purpose and/or commercial purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except for the stated business purpose and/or commercial purpose.
In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose and/or commercial purpose:
- Category A: Identifiers.
- Category B: California Customer Records personal information categories.
- Category D: Commercial information.
- Category F: Internet or other similar network activity.
- Category G: Geolocation data.
We disclose your personal information for a business purpose and/or commercial purpose to the following categories of third parties:
- Service providers (business purpose)
- Data aggregators (business purpose and/or commercial purpose)
How Long Do We Keep Your Personal Information?
Your personal information is processed for the period necessary to fulfill the purposes for which it is collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.
In order to determine the most appropriate retention periods for your personal information, we consider the amount, nature and sensitivity of your personal information, the reasons for which we collect and process your personal information, best practices, and applicable legal requirements. When we have no ongoing legitimate business need or specific obligation to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing. Some exceptions from static retention periods may occur. For instance, we cannot delete personal information when there are legal obligations to retain it (e.g., arising from tax or commercial law). This is particularly true of financial data and payment information. Additionally, we cannot delete personal information when it is needed for the establishment, exercise or defense of legal claims (“litigation hold”). In this case, the personal information can be retained as long as needed for exercising respective potential legal claims.
In some instances, we may choose to anonymize your personal information instead of deleting it, for statistical use, for instance. When we choose to anonymize, we implement measures designed to prevent personal information from being linked back to you or any specific consumer.
Your Rights and Choices
The CCPA provides consumers (i.e., California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that Xactly disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting, selling, and/or sharing that personal information.
- The categories of third parties with whom we disclose that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold, shared, or disclosed your personal information for a business or commercial purpose, three separate lists disclosing:
-
- sales, identifying the personal information categories that each category of recipient purchased;
- shared, identifying the personal information categories that was shared with recipient; and
- disclosures for a business purpose and/or commercial purpose, identifying the personal information categories that each category of recipient obtained.
-
Correction Rights
You have the right to have inaccurate personal information corrected (see Exercising Access, Data Portability, Correction, and Deletion Rights).
Deletion Request Rights
You have the right to request that Xactly delete any and all of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers, contractors, and third parties, as applicable, to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s), contractor(s), and/or third parties, as applicable, to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Right of Non-Discrimination
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Site and/or Platforms to you.
Exercising Access, Data Portability, Correction, and Deletion Rights
To exercise the access, data portability, correction, and deletion rights described above, please submit a verifiable request to us by either:
- To access your data rights please submit your request using the following forms.
- For California Residents – CPRA Consumer Rights Request Form.
- For all other jurisdictions/areas, please use the generic Consumer Rights Request Form
- Emailing us at privacy@xactlycorp.com
- Calling us at 1-855-467-5740
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days, with an extension), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email or write us at the information below.
Do Not Track Signals and Global Privacy Control
We will not respond to your selection of the “Do Not Track” setting or other “opt-out” setting or feature that may be offered by your browser. We do respond to the Global Privacy Control.
Contact Information
If you have any questions or comments about this notice, the ways in which Xactly collects and uses your information described below and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: 1-855-467-5740
Website: www.xactlycorp.com
Email: privacy@xactlycorp.com
Postal Address:
Xactly Corporation
Attn: Data Privacy Officer
221 Saratoga-Los Gatos Road
Los Gatos, CA 95030
United States