Privacy Shield

Xactly participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. We are committed to subjecting all personal data received from European Union (EU) member countries, and Switzerland, respectively, to the United States in reliance on each Privacy Shield Framework and their applicable principles, respectively. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.

Recently, the European Court of Justice (CJEU) invalidated the EU-U.S. Privacy Shield program and ruled that standard contractual clauses (SCC) need to be evaluated on a case-by-case basis for transferring data from the EU. With this decision, you may be wondering how does this impact you and how Xactly manages data flows to the U.S.

Our standard DPA already includes the standard contractual clauses (SCC), click here to download our DPA. If you already have an executed DPA or SCC in place with Xactly, no further action is required. If you do not, please contact us at privacy@xactlycorp.com to get them in place. Based on the CJEU’s ruling, as well as statements from the U.S. Secretary of Commerce and the European Commission, Xactly has begun work with the certification bodies to evaluate alternative assurance program options that will preserve the Privacy Shield program’s core principles and standards for protecting personal data by commercial enterprises, along with a review of the standard contractual clauses that are already within our DPA. Xactly is responsible for the processing of personal data it receives under each Privacy Shield Framework and subsequent transfers to a third party acting as an agent on its behalf. Xactly complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Xactly is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Xactly remains committed to subjecting all personal data received from European Union (EU) member countries, and Switzerland, respectively, to the United States in reliance on each Privacy Shield Framework and their applicable principles, respectively.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.