Effective as of June 14, 2019
ServiceNow, Inc., including its subsidiaries and affiliates (collectively, "ServiceNow," "we," or "us") respects the privacy of its customer data.
This Services Privacy Policy (“Services Notice”) only covers our privacy practices with respect to the collection, use, and disclosure of information obtained in connection with the purchase and use of our hosted software applications (the "Subscription Service") and related support services ("Support Services"), as well as expert services, including professional services, training, and certification (the "Expert Services") that we provide to Customers (defined below). In this Privacy Statement, the Subscription Service, Support Services, and the Expert Services are collectively referred to as the "Service." This Service Privacy Policy also covers information processed by ServiceNow for customer and partner account management purposes (for example, customer address and billing information collected for processing Customer’s purchase of ServiceNow’s Service).
This Services Policy does not cover a Customer's use or disclosure of any information it stores in the Subscription Service. This Services Policy also does not cover any information or data collected by ServiceNow for other purposes outside of the Service. This Services Notice also does not cover the use or disclosure of any information stored in the Subscription Service when hosted by the Customer. Please see our Privacy Statement for details on our privacy practices with respect to data collected on our websites and at events.
For the purposes of this Services Policy:
As further described below, we collect several types of information from and about our Customers and Partners in the course of providing and supporting our Service.
Customers process Customer Data in the normal course of using our Service. Our use and access of Customer Data processed is limited to providing and supporting the Service and in accordance with the definitive agreement between Customer and ServiceNow pursuant to which the Customer purchased access to the Subscription Service (the “Customer Agreement”).
We host and process Customer Data at the direction of and pursuant to the instructions of our Customers. We also collect several types of information from our Customers, including:
We also collect several types of information from about our Customers and partners as a data controller, including:
We may use Customer Data to provide and support the Service, including updating and maintaining the Subscription Service and providing Support and Expert Services. We will not use, disclose, review, share, distribute, transfer, or reference any Customer Data except as permitted in the Customer Agreement or as required by law.
We may use information we collect about our customers and partners for billing and contracting purposes.
We may disclose personal information that our Customers, Partners, and Users provide to us to the following categories of recipients:
We store and process Customer Data in: (i) any country where we have facilities, and (ii) any country in which we engage service providers. A list of ServiceNow’s global offices is available here.
For international transfers of personal information from the EEA, we will implement such measures as are necessary to ensure we provide appropriate safeguards for the transferred Customer Data, implementing appropriate safeguards to protect Customer Data, including through the use of Standard Contractual Clauses or another lawful transfer mechanism approved by the European Commission, and as agreed with our Customers.
We maintain an information security program designed to protect Customer Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. The Subscription Service allows Customers to implement and configure their use of the platform and enforce their security requirements, including user access controls and encryption.
ServiceNow has a dedicated team responsible for monitoring and responding to security incidents. ServiceNow notifies Customers of security breaches in accordance with the Customer Agreement.
We retain Customer Data according to the timeframes set forth in the Customer Agreement.
We retain General Information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
We may obtain additional information through Mobile Applications that Customer or their Users download to their mobile device (“Device”). Mobile Applications we provide may obtain or collect information from a User’s Devices in connection with the User’s use of the Subscription Service, and are designed to interoperate with the Subscription Service; for instance, to provide a User with access to information within the Subscription Service or to provide information from a User’s Device to the Subscription Service.
In order to provide and operate the Mobile Applications, we need certain information from the User, and without that information our Mobile Applications wouldn’t work (or wouldn’t work very well). For example, we ask Users to provide some personal information, such as login credentials to access and use the Subscription Service through the Mobile Applications. In addition to the personal information Users provide, we also collect certain other personal information through the use of our Mobile Applications. For instance, Mobile Applications may use a Device’s geolocation data to provide services available through the Mobile Applications, including to send Users notifications. If a User has geolocation turned on, the Mobile Applications will, from time to time, tell us about a User’s Device’s location even if a User is not directly interacting with the Mobile Application. It may also tell us about a User’s Device location while the User is interacting with the Mobile Application. We may only be able to collect some of this information if the Device settings allow it, so Users should always review our Mobile Applications settings under the Device settings menu to select what information Users are happy for apps like ours to access or not to access.
Our Mobile Applications may also provide us with information related to a User’s use of the Mobile Applications, including information regarding a User’s Devices and OS identification, language, and time zone. Mobile Applications may also collect information regarding a User’s interaction with Mobile Applications, which ServiceNow may use to provide and improve the Mobile Application and Services. We may also obtain information when Users report a problem with our Mobile Applications. In addition, we may use information collected by our Mobile Applications to enforce our rights arising from contracts we enter into with the Customer or with a User.
To provide this Mobile Application, we work with our group companies and certain partners and service providers who may have access to your information. Information accessed or obtained by the Mobile Application on a User’s Device may be also accessible to the Customer and its organization, depending on the intended functionality of the Mobile Application. We may disclose User’s information to law enforcement, competent government authorities, court and other third parties where we believe are required to do so by applicable law or regulation (including a court order), or where we believe disclosure is necessary to exercise, establish or defend legal rights or to protect the vital interests of any person. If a third party buys all or part of our business or assets, then we may also disclose User information in connection with the sale. Where we do, we will inform the third party that it is required to use User’s information only for the purposes set out in this Services Notice. We may also share a User’s personal information to any other person with such User’s consent to the disclosure.
In addition to Mobile Applications we provide, third party Mobile Applications may be made available for download to a User’s Devices. The collection and use of information through third‑party Mobile Applications (if any) is governed by the applicable privacy notices of such third parties. Contractual terms related to a particular Mobile Application may be found in the End User License Agreement or relevant terms of service for that application.
Since each Customer is in control of what information, including any personal information, it collects from its Users, how that information is used and disclosed, and how that information can be changed, Users of the Subscription Service must contact the applicable Customer administrator with any inquiries about how the Customer uses and discloses personal information and how to access, rectify, correct, delete, and port personal information contained in Customer Data as well as object to or restrict the processing of personal information contained in Customer Data.
We provide you with certain choices regarding the General Information you provide to us. In particular:
We will respond to such requests in accordance with the requirements of applicable data protection laws. Please note that in order to fulfil your request, we may need you to provide certain information to verify your identity.
ServiceNow Applications for Third Party Services
We may also provide applications and integrations hosted by third party services (for example, messenger applications) for mutual customers that we have with such third‑party service providers. These applications and integrations will interact with the Subscription Service and our collection, use, and disclosure of information will be in accordance with this Services Privacy Statement and our Customer Agreement with the Customer. This Services Privacy Statement does not cover such third‑party service stores where we make our applications available. The use of any data you make available to such a third party is subject to that party’s privacy policy and your agreements, if any.
Third Party Websites and Applications
Customers, Partners and other third parties, including our consultants, may develop applications (including Mobile Applications) or provide services to you or other third parties using our Service. This Services Notice does not apply to information collected by Customers, our business partners, and other third parties or third‑party applications (including Mobile Applications) or services, even if this information is collected using our Service.
Changes to this Services Privacy Statement
We reserve the right to update or change this Services Privacy Statement from time to time. If we make material changes to this Services Privacy Policy, we will notify our Customers through an appropriate online notice (and obtain their consent where required by applicable law). For clarity, any update or change to this Services Notice will not change or modify the agreement between ServiceNow and Customer.
Contact Information
We have a dedicated Privacy Team that is responsible for the implementation of our global privacy program. If you have questions or comment about this Services Privacy Statement and our privacy practices or if you are a Customer and need to update, change, or remove information from the Service, please log a ticket through our customer support portal.
For written inquiries, you may contact us at:
ServiceNow, Inc.
Attn: Privacy
2225 Lawson Lane
Santa Clara, CA 95054