Services Privacy Statement

ServiceNow, Inc., including its subsidiaries and affiliates (collectively, "ServiceNow," "we," or "us"), respects the privacy of individuals.

This Services Privacy Statement (“Services Notice”) applies to our collection, use, and disclosure of information obtained in connection with the provision and use of our software applications and Mobile Applications (the “Subscription Service”) to the extent that we act as data controller (for example, in respect of account management and billing information).  It also applies to our processing of personal data in the context of the ancillary services provided through or by other platforms outside of the Subscription Service (including, for example, Now Learning, Now Community, Now Support, the App Store, the Partner Portal, and any other sites in the ServiceNow ecosystem) to the extent that we are acting as a data controller. In this Services Notice, all of these offerings in respect of which we are acting as data controller are collectively referred to as the "Services."

For clarity, this means that this Services Notice does not apply where we process personal data as processor on behalf of our Customers in the context of providing the Subscription Service. We or our Customers or Partners may also provide applications and integrations hosted by third party services. This Services Notice does not cover such third‑party services even if this information is collected using our Service.

This Services Notice also does not apply to information or data collected by ServiceNow for other purposes outside of or unrelated to the Service. Please see our Website and Event Privacy Statement for details on our privacy practices with respect to data processed in relation to our websites, events and marketing activities or our Applicant Privacy Statement which covers our privacy practices in relation to an individual’s application for employment at ServiceNow.

For the purposes of this Services Notice:

• “Customer” means the entity that purchases our Service (or who obtains a free trial of our Service, where applicable).
• “Customer Agreement” means the definitive agreement between Customer and ServiceNow under which the Customer purchased access to the Service.
• "Customer Data" means the electronic data uploaded into the Subscription Service by or for Customer or its Users.
• “Account Data” means a credit card or billing information, and the Customer or Partner representatives’ contact information.
• “Mobile Applications” means applications downloaded by an authorized user of our software applications to a mobile device.
• “Usage Data” means data derived from Users’ use of the Service. For the avoidance of doubt, Usage Data does not include or form part of Customer Data.
• “User” means an individual authorized to access and use the Services.
• “Partner” means an entity that sells ServiceNow products and services or provides services or technology to ServiceNow customers that relate to the Service.

We collect several types of information from and about our Customers, Users, and Partners in the course of hosting, providing, maintaining, supporting, and improving our Service. 

We are a data controller with respect to any data uploaded to our platforms (other than Customer Data uploaded to the Subscription Service). We may process personal data that Users choose to submit to these platforms, which may include name, contact details, log in details, job titles, photographs, and education history. For the avoidance of doubt, we act as a data processor when processing Customer Data on behalf of our Customers in the course of providing the Subscription Service to them.

We may collect audio and / or video recordings, and / or photographs of Users, or other individuals where they have chosen to provide feedback about the Services to our research team.

We also collect Account Data from our Customers or Partners.  Account data includes credit card or billing information and the Customer or Partner representatives’ contact information, job title, or information about the Services purchased or configured.

We may obtain additional information through Mobile Applications that Customers or their Users download to their mobile device. In addition to the personal data Users provide, we also collect certain other personal data through the use of our Mobile Applications. For example, our Mobile Applications may also provide us with information related to a User’s use of the Mobile Applications, including information regarding a User’s device and operating system, language, location, and time zone. Mobile Applications may also collect information regarding a User’s interaction with Mobile Applications, which ServiceNow may use to provide and improve the Mobile Application and / or Services.

Additionally, we collect Usage Data directly from the User’s use of the Services. This may include usage patterns, session duration, traffic data, location data, approximate location, logs and other communication data, and the resources that the User accesses, as well as information about the User’s device and internet connection, including their operating system and browser type. 

Finally, we may process certain User login data for certain Services.

We may process personal data for a number of reasons.  We may process Account Data for billing, account management, and contracting purposes. We process Usage Data for general maintenance, support, security, and to improve the Service. We also process User log‑in data to administer individual accounts related to training/learning activities.

Where we have a Customer’s prior authorization and agreement, we may process their Customer Data for the purpose of training ServiceNow’s artificial intelligence (“AI”) and machine learning (“ML”) models.  Additionally, we may also process other personal data which is not Customer Data (including data inputted by Users into other ServiceNow platforms), for the purpose of training these AI and ML models.  We may use third party service providers to train our models, which may involve the transfer of personal data to those third parties.

By registering for the Service, ServiceNow will create a profile on the User’s behalf that will allow the User to access any of the other ServiceNow designated sites using the same username and password for all sites. The personal data may be collected during registration and/or use of any one of these sites that the User choose to make public, may be visible to other users of the sites. In addition, the User’s personal data may be used by the other sites for the purposes of enhancing the User’s experience and improving the quality of our services.

We may also process Account Data and other personal data we receive from Users or representatives of Customers or Partners for other purposes, including to:

• operate, maintain, and improve the Services (including by asking for feedback in certain circumstances); 
• develop new products and features;
• provide Users, Customers, and Partners with information, products, or services that they request from us;
• carry out our obligations and enforce our rights arising from any contracts entered into between us;
• conduct industry analysis, benchmarking, analytics, and other business purposes;
• enforce our legal rights or to defend a claim or otherwise to protect the rights and property of ServiceNow and others;
• comply with legal and financial obligations.

To the extent that we process personal data, including Account Data or Usage Data or certain User log‑in data, we do so on the basis of our legitimate business interest to do so (taking into account the fundamental privacy rights of any relevant individuals), and / or on the basis of compliance with a legal obligation, and / or on the basis of performance of a contract, and / or on the basis of consent, depending on the specific activity involved.

Where we process personal data (including personal data within Customer Data, where applicable) to train AI or ML models, this processing is conducted on the basis of the legitimate interests of both ServiceNow and our Customer, in order to improve of these AI and ML models and, therefore, to provide a more accurate and reliable service to ServiceNow’s Customers and Users.  Where applicable, we also take steps to minimise the amount of personal data processed for this purpose.

We may disclose personal data covered by this Services Notice to the following categories of recipients:

• To our subsidiaries and affiliates as necessary for the purposes outlined above.
• To our contractors, Partners, and service providers we use to support our Service and Partners who provide services on our behalf and on behalf of our Customers (including AI and ML service providers, where applicable).
• To a potential buyer (and its agents and advisors) in connection with any proposed merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution, or liquidation), in which case personal data held by us about our Customers, Users, and Partners will be among the assets transferred to the buyer or acquirer.
• To any competent law enforcement body, regulatory, government agency, court or other third party to: (i) comply with any court order, a request from any competent law enforcement agency, or any other legal obligation; (ii) enforce or apply the terms of the Customer Agreement or any contract to which ServiceNow is party; (iii) enforce or apply the terms of the agreement for partnership with our Partners; (iv) protect the rights, property, or safety of ServiceNow, its affiliates, employees, and agents and / or ServiceNow’s Customers, Users, or others; and (v) to defend against a legal claim.
• To any other user of the site or any other sites in the ServiceNow ecosystem, where the User chooses to make that information public.
• To any other person with consent to the disclosure.

We may store and process data covered by this Services Notice in: (i) any country where we have facilities; and (ii) any country in which we engage service providers. A list of ServiceNow’s global offices is available here.

For international transfers of personal data from the EEA, UK, or Switzerland, we implement such measures as are necessary to ensure we provide appropriate safeguards for the transferred data, including through the use of Standard Contractual Clauses or another lawful transfer data transfer mechanism.

ServiceNow maintains appropriate technical and organisational measures designed to protect the data covered by this Services Notice from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, and access. ServiceNow personnel and service providers with access to such data are required to keep them confidential and secure. 

We retain personal data only for so long as we have an ongoing legitimate business need to do so (for example, to provide the User with a service they or the Customer or Partner has requested or to comply with applicable legal, tax, or accounting requirements, or to maintain a record of consent preferences).

Where we act as data controller, we provide Users with certain choices regarding the personal data they provide to us in accordance with applicable laws. Depending on where the User resides, the User may have the following rights:

• If a User wishes to object to or restrict processing of personal data, or request portability of, access to, correction of, or deletion of personal data, he or she may contact us to request the exercise of such rights.
• Certain jurisdictions, for example certain States in the USA such as California, provide their residents with additional control over how their information is “shared” or “sold” (as those terms are defined under applicable laws). ServiceNow does not “sell” personal data obtained from the operation of the Services to third parties. ServiceNow does not “share” this information for purposes of cross context behavioural advertising.
• Users have the right to complain to a data protection authority if they are unhappy about our collection and use of their personal data.
• Under applicable laws, Users may have the right to appeal where we make a decision in relation to their request regarding their personal data. 

We will respond to such requests in accordance with the requirements of applicable data protection laws. Please note that in order to fulfil a User’s request, we may need the User to provide certain information to verify their identity. Additionally, if a User would like to use an authorized agent to exercise their rights, we may request evidence that the User has provided such agent with authority to submit requests on their behalf and ask that the User to verify their identity directly with us.

To exercise certain rights under applicable laws (including rights under California law), Users may submit a form here. Alternatively, Users may contact us to exercise these or other rights using the details in the “Contact Information” section below.

This section applies to California residents and describes our data practices today and in the preceding 12 months.  Under the CCPA, California residents have certain specific personal data rights.

Additional Disclosures
For information about the sources of the personal data we, please see the “How We Obtain Information” section above. 

We process this personal data for the business and commercial purposes described in the “How We Use Information Collected” section above. 

We have disclosed personal data for the business and commercial purposes described in the “How We Disclose Information Collected” section above. Specifically, we have disclosed the following categories of personal data to the following categories of recipients:

• Identifiers (such as a User’s name, mailing address, email address, telephone number, account credentials, or login details etc.) may be shared with our subsidiaries and affiliates, service providers (including cloud service providers, security providers, and data storage providers, together “Platform Service Providers”) and data analytics providers.
• Customer records (such as credit card information (for the purpose of processing payment) or billing information, and the Customer or Partner representatives’ contact information) may be shared with our subsidiaries and affiliates, business partners who we partner with to jointly sell our products, Platform Service Providers, marketing services provider, and data analytics providers.
• Commercial information (such as products or services purchased or configuration of the Subscription Service) may be shared with our subsidiaries and affiliates, business partners who we partner with to jointly market or sell our products, Platform Service Providers, marketing service providers, advertising service providers, and data analytics providers.
• Device, internet, and electronic network activity information (such as IP address, usage patterns, traffic data, location data, logs, other communication data, and the resources that the User accesses, as well as information about their device and internet connection, including the operating system and browser type) may be shared with our subsidiaries and affiliates, Platform Service Providers, and data analytics providers. 
• Approximate geolocation data (such as a User’s city of residence) may be shared with our subsidiaries and affiliates, Platform Service Providers, and data analytics providers.
• Audio, electronic, visual, and similar information (such as photographs or recordings of selected interviews, or feedback sessions) may be shared with our subsidiaries and affiliates and Platform Service Providers.  
• Professional or employment‑related information (such as job title and employment history) may be shared with our subsidiaries and affiliates, business partners, Platform Service Providers, marketing services providers, and data analytics providers.

For more information on how information is disclosed, please see the “How We Disclose Information Collected” section, which provides more detail on our business partners, service providers and third parties. We may also need to disclose any of the above categories of information where legally required, in order to obtain professional services (such as from lawyers, accountants or auditors), or in connection with a proposed merger, acquisition, or any form of sale or transfer of some or all of our assets.

Under the CCPA, if a business “sells” or “shares” personal data, it must allow California residents to opt out of the “sale” or “sharing” of their personal data. However, we do not “sell” or “share” personal data in the provision of our Service.

We may process User log‑in details or account credentials, where provided to us. This information is only used for the purpose of providing the service to Users and not for any other purpose. We do not use or disclose sensitive personal data for the purpose of inferring characteristics about Users.

Privacy Rights
To exercise rights under CCPA, please submit the request through this form.  Under CCPA, Users have the following rights:

• to opt out of cookies and the sale or sharing of personal data using online tracking technologies;
• to limit the use of sensitive personal data;
• to access, correct, or delete personal data we hold about Users;
• to appeal a decision we make about a User’s privacy requests.

Please see the “Your Privacy Rights” section above for more information about Users’ privacy rights and how to exercise them, including how authorized agents can exercise rights and how we may verify Users’ requests. We will not discriminate against Users who choose to exercise their rights under the CCPA.

Data Retention
For information on our data retention practices, please see the section “Retention” above.

Changes to this Services Notice
We reserve the right to update or change this Services Notice from time to time. For clarity, any update or change to this Services Notice will not change or modify the Customer Agreement.

Contact Information
We have a dedicated Privacy Team that is responsible for the implementation of our global privacy program. For questions or comments about this Services Notice or our privacy practices, please contact privacy@servicenow.com. Customers or Users who need assistance to update, change, or remove information from the Service should log a ticket through our customer support portal.

For written inquiries, please contact us at:

ServiceNow, Inc.
Attn: Privacy
2225 Lawson Lane
Santa Clara, CA 95054