Services Privacy Statement

ServiceNow, Inc., including its subsidiaries and affiliates (collectively, "ServiceNow," "we," or "us") respects the privacy of its customer data.

This Services Privacy Policy (“Services Notice”) only covers our privacy practices with respect to the collection, use, and disclosure of information obtained in connection with the purchase and use of our hosted software applications (the "Subscription Service") and related support services ("Support Services"), as well as expert services, including professional services, training, and certification (the "Expert Services") that we provide to Customers (defined below). In this Privacy Statement, the Subscription Service, Support Services, and the Expert Services are collectively referred to as the "Service."  This Service Privacy Policy also covers information processed by ServiceNow for customer and partner account management purposes (for example, customer address and billing information collected for processing Customer’s purchase of ServiceNow’s Service).

This Services Policy does not cover a Customer's use or disclosure of any information it stores in the Subscription Service. This Services Policy also does not cover any information or data collected by ServiceNow for other purposes outside of the Service. This Services Notice also does not cover the use or disclosure of any information stored in the Subscription Service when hosted by the Customer. Please see our Privacy Statement for details on our privacy practices with respect to data collected on our websites and at events.

For the purposes of this Services Policy:

• “Customer” means the entity that purchases our Service.
• "Customer Data" means the electronic data uploaded into the Subscription Service by or for Customer or its Users.
• “Mobile Applications” means applications downloaded by an authorized user of our hosted software applications to a mobile device.
• “User” means an individual authorized by the Customer to access and use the Subscription Service.
• “Partner” means an entity that sells ServiceNow products and services or provides services or technology to ServiceNow customers.

As further described below, we collect several types of information from and about our Customers and Partners in the course of providing and supporting our Service.

Customers process Customer Data in the normal course of using our Service. Our use and access of Customer Data processed is limited to providing and supporting the Service and in accordance with the definitive agreement between Customer and ServiceNow pursuant to which the Customer purchased access to the Subscription Service (the “Customer Agreement”).

We host and process Customer Data at the direction of and pursuant to the instructions of our Customers.  We also collect several types of information from our Customers, including:

• Information and correspondence our Customers and Users submit to us in connection with Expert Services or other requests related to our Service.
• Information we receive from our business partners in connection with use of the Service or in connection with services provided by our business partners, including configuration of the Subscription Service.
• Server logs in support of the Subscription Service.
• Information collected via our Mobile Applications.

We also collect several types of information from about our Customers and partners as a data controller, including:

• General information, including a Customer or Partner’s company name and address, credit card information, and the Customer or Partner representative’s contact information (“General Information”).
• Quantitative data derived from our Customers and Users use of the Subscription Service, for example and without limitation, the number of active roles within a Customer’s instance.  All data collected, used, and disclosed will be in aggregate form only and will not identify Customer or its Users.

We may use Customer Data to provide and support the Service, including updating and maintaining the Subscription Service and providing Support and Expert Services. We will not use, disclose, review, share, distribute, transfer, or reference any Customer Data except as permitted in the Customer Agreement or as required by law.

We may use information we collect about our customers and partners for billing and contracting purposes.

We may disclose personal information that our Customers, Partners, and Users provide to us to the following categories of recipients:

• To our subsidiaries and affiliates (including those located outside the European Economic Area and Switzerland) as necessary to support provision of the Service to the Customer and operate our partner program.
• To our contractors, business partners and service providers we use to support our Service and business partners who provide services on behalf of our Customers.
• To a potential buyer (and its agents and advisors) in connection with any proposed merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution or liquidation), in which case personal information held by us about our Customers and Partners will be among the assets transferred to the buyer or acquirer.
• To any competent law enforcement body, regulatory, government agency, court or other third party to: (i) comply with any court order, a request from any competent law enforcement agency, or any other legal obligation; (ii) enforce or apply the terms of the Customer Agreement; (iii) enforce or apply the terms of the agreement for partnership with our Partners; and (iv) protect the rights, property, or safety of ServiceNow, our Customers, Users, or others.
• In accordance with Customer instructions.

ServiceNow stores and processes Customer Data in: (i) any country where we have facilities, and (ii) any country in which we engage service providers. A list of ServiceNow’s global offices is available here.

For Customer Data transferred to us in the United States of America, ServiceNow, Inc. complies with the EU‑U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area and Switzerland to the United States. You can view a description of how we comply with the Privacy Shield Principles in our Privacy Shield Policy.  To learn more about the Privacy Shield Framework and the scope of ServiceNow participation, please visit the Department of Commerce’s website, located here.

For other international transfers of personal information from the EEA, we will implement such measures as are necessary to ensure we provide appropriate safeguards for the transferred Customer Data, as agreed with our Customers.

ServiceNow maintains an information security program designed to protect Customer Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. The Subscription Service allows Customers to implement and configure their use of the platform and enforce their security requirements, including user access controls and encryption.

ServiceNow has a dedicated team responsible for monitoring and responding to security incidents. ServiceNow notifies Customers of security breaches in accordance with the Customer Agreement.

We retain Customer Data according to the timeframes set forth in the Customer Agreement.

We retain General Information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).

We may obtain additional information through Mobile Applications that Customer or their Users download to their mobile devices (“Devices”).  Mobile Applications we provide may obtain or collect information from User Devices in connection with the Service and are designed to interoperate with the Subscription Service; for instance, to provide a User with access to information within the Subscription Service or to provide information from a User’s Device to the Subscription Service.

Mobile Applications may access the geographic location of a User’s Device.  Our Mobile Applications may also provide us with information related to a User’s use of the Mobile Applications, including information regarding a User’s Devices and OS identification, login credentials, language, and time zone.  Mobile Applications may also collect information regarding a User’s interaction with Mobile Applications, which ServiceNow may use to provide and improve the Mobile Application services.

Information accessed or obtained by the Mobile Application on a User’s Device may be accessible to the Customer and its organization, depending on the intended functionality of the Mobile Application.

Customer and its Users may configure Mobile Applications affecting the information collected or accessed on a User’s Device.

In addition to Mobile Applications we provide, third party Mobile Applications may be made available for download to a User’s Devices.  The collection and use of information through third‑party Mobile Applications (if any) is governed by the applicable privacy notices of such third parties. Contractual terms related to a particular Mobile Application may be found in the End User License Agreement or relevant terms of service for that application.

Since each Customer is in control of what information, including any personal information, it collects from its Users, how that information is used and disclosed, and how that information can be changed, Users of the Subscription Service must contact the applicable Customer administrator with any inquiries about how the Customer uses and discloses personal information and how to access, rectify, correct, delete, and port personal information contained in Customer Data as well as object to or restrict the processing of personal information contained in Customer Data.

We provide you with certain choices regarding the General Information you provide to us. In particular:

• To access, correct, update, or request deletion of any personal information Customer or Partner provided us as part of the General Information, please contact your account representative or ServiceNow relationship manager or, where possible, use our portals you have access to (for example, our partner portal) to carry out these requests.  
• Certain jurisdictions, for example the European Economic Area, provide their residents specific privacy rights under applicable law. We will process requests to exercise such rights, including objection to and restriction of processing and requests for portability of personal information contained in General Information, in accordance with applicable data protection laws. You may send us an e‑mail at privacy@servicenow.com or using the contact details under the “Contact Us” heading below.

We will respond to such requests in accordance with the requirements of applicable data protection laws.  Please note that in order to fulfil your request, we may need you to provide certain information to verify your identity.

ServiceNow Applications for Third Party Services

We may also provide applications and integrations hosted by third party services (for example, messenger applications) for mutual customers that we have with such third‑party service providers. These applications and integrations will interact with the Subscription Service and our collection, use, and disclosure of information will be in accordance with this Services Privacy Statement and our Customer Agreement with the Customer. This Services Privacy Statement does not cover such third‑party service stores where we make our applications available. The use of any data you make available to such a third party is subject to that party’s privacy policy and your agreements, if any.

Third Party Websites and Applications 
Customers, Partners and other third parties, including our consultants, may develop applications (including Mobile Applications) or provide services to you or other third parties using our Service. This Services Notice does not apply to information collected by Customers, our business partners, and other third parties or third‑party applications (including Mobile Applications) or services, even if this information is collected using our Service.

Changes to this Services Privacy Statement

ServiceNow reserves the right to update or change this Services Privacy Statement from time to time. If we make material changes to this Services Privacy Policy, we will notify our Customers through an appropriate online notice (and obtain their consent where required by applicable law). For clarity, any update or change to this Services Notice will not change or modify the agreement between ServiceNow and Customer.

Contact Information

ServiceNow has a dedicated Privacy Team that is responsible for the implementation of our global privacy program. If you have questions or comment about this Services Privacy Statement and our privacy practices or if you are a Customer and need to update, change, or remove information from the Service, please log a ticket through our customer support portal.

For written inquiries, you may contact us at:

ServiceNow, Inc.
Attn: Privacy
2225 Lawson Lane
Santa Clara, CA 95054