Services Privacy Statement

ServiceNow, Inc., including its subsidiaries and affiliates (collectively, "ServiceNow," "we," or "us"), respects the privacy of individuals.

This Services Privacy Statement (“Services Notice”) applies to our collection, use, and disclosure of information obtained in connection with the provision and use of our software applications and Mobile Applications (the “Subscription Service”) to the extent that we act as data controller (for example, in respect of account management and billing information).  It also applies to our processing of personal data in the context of the ancillary services provided through or by other platforms outside of the Subscription Service (including, for example, Now Learning, Now Community, Now Support, the App Store, the Partner Portal, and any other sites in the ServiceNow ecosystem) to the extent that we are acting as a data controller. In this Services Notice, all of these offerings in respect of which we are acting as data controller are collectively referred to as the "Services."

For clarity, this means that this Services Notice does not apply where we process personal data as processor on behalf of our Customers in the context of providing the Subscription Service. We or our Customers or Partners may also provide applications and integrations hosted by third party services. This Services Notice does not cover such third‑party services even if this information is collected using our Service.

This Services Notice also does not apply to information or data collected by ServiceNow for other purposes outside of or unrelated to the Service. Please see our Website and Event Privacy Statement for details on our privacy practices with respect to data processed in relation to our websites, events and marketing activities or our Applicant Privacy Statement which covers our privacy practices in relation to an individual’s application for employment at ServiceNow.

For the purposes of this Services Notice:

• “Customer” means the entity that purchases our Service (or who obtains a free trial of our Service, where applicable).
• “Customer Agreement” means the definitive agreement between Customer and ServiceNow under which the Customer purchased access to the Service.
• "Customer Data" means the electronic data uploaded into the Subscription Service by or for Customer or its Users.
• “Account Data” means a credit card or billing information, and the Customer or Partner representatives’ contact information.
• “Mobile Applications” means applications downloaded by an authorized user of our software applications to a mobile device.
• “Usage Data” means data derived from Users’ use of the Service. For the avoidance of doubt, Usage Data does not include or form part of Customer Data.
• “User” means an individual authorized to access and use the Services.
• “Partner” means an entity that sells ServiceNow products and services or provides services or technology to ServiceNow customers that relate to the Service.

How We Obtain Information

We collect several types of information from and about our Customers, Users, and Partners in the course of hosting, providing, maintaining, supporting, and improving our Services.  

We may act as a data controller with respect to personal data uploaded to our platforms . However, for the avoidance of doubt, we act as a data processor when processing Customer Data on behalf of our Customers in the course of providing the Subscription Service to them.

We may process personal data as a data controller that Users choose to submit to these platforms, which may include name, contact details, log in details, job titles, photographs, and education history. Where Users or individuals choose to provide feedback about the Services to our research team, we may process contact details, take photographs, collect audio and / or video recordings of Users. 

We also collect Account Data from our Customers or Partners.  Account data includes credit card or billing information and the Customer or Partner representatives’ contact information, job title, or information about the Services purchased or configured. 

We may obtain additional information through Mobile Applications that Customers or their Users download to their mobile device. In addition to the personal data Users provide, we also collect certain other personal data through the use of our Mobile Applications. For example, our Mobile Applications may also provide us with information related to a User’s use of the Mobile Applications, including information regarding a User’s device and operating system, language, location, and time zone. Mobile Applications may also collect information regarding a User’s interaction with Mobile Applications, which ServiceNow may use to provide and improve the Mobile Application and / or Services.

Additionally, we collect Usage Data directly from the User’s use of the Services. This may include usage patterns, session duration, traffic data, location data, approximate location, logs and other communication data, and the resources that the User accesses, as well as information about the User’s device and internet connection, including their operating system and browser type. 

Finally, we may process certain User login data for certain Services.

How We Use Information

We may process personal data for a number of reasons.  We may process Account Data for billing, account management, and contracting purposes. We may process Usage Data for general maintenance, support, security, and to improve the Service. We may process User log‑in data to administer individual accounts related to training/learning activities.

Where we have a Customer’s prior authorization and agreement, we may process their Customer Data for the purpose of training ServiceNow’s artificial intelligence (“AI”) and machine learning (“ML”) models. Additionally, we may also process other personal data which is not Customer Data (including data inputted by Users into other ServiceNow platforms), for the purpose of training these AI and ML models.  

We may also deploy AI and ML features within the Services to provide a better experience, and use of these features may involve us processing any personal data submitted to them. By way of example, we may process data submitted in Now Support to generate suggested solutions for our Users or to produce more relevant search results. We recommend that Users do not submit sensitive or confidential information to Now Support.

We may use third party service providers to deploy or assist in the deployment of AI or ML features or to train our models, which may involve the transfer of personal data to those third parties. 

By registering for the Service, ServiceNow will create a profile on the User’s behalf that will allow the User to access any of the other ServiceNow designated sites using the same username and password for all sites. The personal data may be collected during registration and/or use of any one of these sites that the User choose to make public, may be visible to other users of the sites. In addition, the User’s personal data may be used by the other sites for the purposes of enhancing the User’s experience and improving the quality of our services.

We may also process Account Data and other personal data we receive from Users or representatives of Customers or Partners for other purposes, including to:

• operate, maintain, and improve the Services (including by asking for feedback in certain circumstances); 
• develop new products and features;
• provide Users, Customers, and Partners with information, products, or services that they request from us;
• carry out our obligations and enforce our rights arising from any contracts entered into between us;
• conduct industry analysis, benchmarking, analytics, and other business purposes;
• enforce our legal rights or to defend a claim or otherwise to protect the rights and property of ServiceNow and others;
• comply with legal and financial obligations.

Legal Basis

To the extent that we process personal data, including Account Data or Usage Data or certain User log‑in data, we do so on the basis of our legitimate business interest to do so (taking into account the fundamental privacy rights of any relevant individuals), and / or on the basis of compliance with a legal obligation, and / or on the basis of performance of a contract, and / or on the basis of consent, depending on the specific activity involved.

Where we process personal data to train AI or ML models, this processing is conducted either on the basis of the legitimate interests of both ServiceNow and our Customer, or consent from applicable data subjects, in order to improve our AI and ML models and, therefore, to provide a more accurate and reliable service to ServiceNow’s Customers and Users.  Where applicable, we also take steps to minimise the amount of personal data processed for this purpose.

How We Disclose Information Collected

We may disclose personal data covered by this Services Notice to the following categories of recipients:

• To our subsidiaries and affiliates as necessary for the purposes outlined above.
• To our contractors, Partners, and service providers we use to support our Services and Partners who provide services on our behalf and on behalf of our Customers (including AI and ML service providers, where applicable).
• To a potential buyer (and its agents and advisors) in connection with any proposed merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution, or liquidation), in which case personal data held by us about our Customers, Users, and Partners will be among the assets transferred to the buyer or acquirer.
• To any competent law enforcement body, regulatory, government agency, court or other third party to: (i) comply with any court order, a request from any competent law enforcement agency, or any other legal obligation; (ii) enforce or apply the terms of the Customer Agreement or any contract to which ServiceNow is party; (iii) enforce or apply the terms of the agreement for partnership with our Partners; (iv) protect the rights, property, or safety of ServiceNow, its affiliates, employees, and agents and / or ServiceNow’s Customers, Users, or others; and (v) to defend against a legal claim. 
• To any other user of the site or any other sites in the ServiceNow ecosystem, where the User chooses to make that information public.
• To any other person at your direction or with consent to the disclosure.

We also disclose aggregated or de‑identified information that cannot reasonably be used to identify you. ServiceNow processes, maintains, and uses this information only in a de‑identified fashion and will not attempt to re‑identify such information, except as permitted by law.

International Transfers

We may store and process data covered by this Services Notice in: (i) any country where we have facilities; and (ii) any country in which we engage service providers. A list of ServiceNow’s global offices is available here.

For international transfers of personal data from the EEA, UK, or Switzerland, we implement such measures as are necessary to ensure we provide appropriate safeguards for the transferred data, including through the use of Standard Contractual Clauses or another lawful transfer data transfer mechanism.

Security and Breach Notification

ServiceNow maintains appropriate technical and organisational measures designed to protect the data covered by this Services Notice from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, and access. ServiceNow personnel and service providers with access to such data are required to keep them confidential and secure. 

Retention

We retain personal data only for so long as we have an ongoing legitimate business need to do so (for example, to provide the User with a service they or the Customer or Partner has requested or to comply with applicable legal, tax, or accounting requirements, or to maintain a record of consent preferences).

Your Privacy Choices

Where we act as data controller, we provide Users with certain choices regarding the personal data they provide to us in accordance with applicable laws. Depending on where the User resides, the User may have the following rights:

• If a User wishes to access, correct, update, or request deletion of personal data, they may contact us to request the exercise of such rights.
• Depending on where you live, you may have additional specific privacy rights under applicable law, including the right to object to processing, to request restriction of processing, or to request a portable copy of personal data, or to lodge a complaint with us in relation to our processing of a User’s personal information. We will process your requests to exercise such rights in accordance with applicable data protection laws.
• Users have the right to complain to a data protection authority if they are unhappy about our collection and use of their personal data.
• Under applicable laws, Users may have the right to appeal where we make a decision in relation to their request regarding their personal data. 

We will respond to such requests in accordance with the requirements of applicable data protection laws. Please note that in order to fulfil a User’s request, we may need the User to provide certain information to verify their identity. Additionally, depending on where you reside, you can use an authorized agent to exercise your rights. We may request evidence that the User has provided such agent with authority to submit requests on their behalf and ask that the User verify their identity directly with us.  If you are an authorized agent seeking to make a request, please contact us at privacy@servicenow.com.

To exercise certain rights under applicable laws, Users may submit a form here. Alternatively, Users may contact us to exercise these or other rights using the details in the “Contact Information” section below.

Additional Information for Individuals Residing in California and Certain Other U.S. States

If you are a resident of the State of California, which has enacted the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (as amended, the CCPA), or if you are a resident of another U.S. state where ServiceNow is subject to similar requirements (the “Other States”), this section applies to you.

How We Collect, Use, and Disclose Personal Information

In addition to the chart below:

For information about the sources and categories of the personal information that we collect, please see the “How We Obtain Information” section above. 

For information on how and for what purposes we use personal information, please see the “How We Use Information Collected” section above. 

For information on how we disclose personal information (including to service providers), please see the “How We Disclose Information Collected” section above.

Sensitive Personal Information

We do not  collect or use sensitive personal information for purposes of inferring characteristics about you in connection with our Services.

We Do Not ‘Share’ or ‘Sell’ Personal Information Collected from Services. ServiceNow does not ‘sell’, ‘share’, or use for purposes of targeted advertising personal information that we collect in connection with the Services. For personal information that we collect from you through other channels, including our websites or events, we may disclose your personal information to certain third parties in way that could be considered a ‘sale’ or ‘share’ of your personal information or the use of your personal information for targeted advertising. Visit our Website and Events Privacy Statement to learn more.

Your Privacy Rights

If you are a resident of California or one of the Other States, you have the following rights:

• You have the right to know what personal information we have collected about you and to get access to that personal information. You can exercise that right by visiting our “Your Privacy Choices” link, calling our toll‑free number at 1 858 345 1444, or by contacting us at privacy@servicenow.com.
• You have the right to correct inaccurate personal information that we have collected about you. You can exercise that right by visiting our “Your Privacy Choices” link, calling our toll‑free number at 1 858 345 1444, or by contacting us at privacy@servicenow.com.
• You have the right to request that we delete the personal information that we have collected about you. You can exercise that right by visiting our “Your Privacy Choices” link, calling our toll‑free number at 1 858 345 1444, or by contacting us at privacy@servicenow.com.
• You have the right to request the portability of your personal information. You can exercise that right by visiting our “Your Privacy Choices” link, calling our toll‑free number at 1 858 345 1444, or by contacting us at privacy@servicenow.com.
• You have the right to appeal if we deny your request to exercise your rights of access, correction, deletion, or portability. You can exercise that right by contacting us at privacy@servicenow.com.
• For California Residents: If you have concerns about the outcome of an appeal, you have the right to contact the Office of the Attorney General for the State of California.
• You have the right not to be discriminated against for exercising your rights under the CCPA or laws with similar requirements. We will not discriminate against you for exercising your rights under the CCPA or laws with similar requirements.

When you exercise these rights, we may ask for additional information (such as an email address) that is reasonably necessary to complete your request or verify your identity, as required or permitted by applicable law. Depending on where you live, you may be able to use an authorized agent to exercise these rights. We may request evidence that have provided such agent with authority to submit requests on your behalf and ask that you verify the agent’s identity directly with us.  If you are an authorized agent seeking to make a request, please contact us at privacy@servicenow.com.

For information on our data retention practices, please see the section “Retention” above.

General

Changes to this Services Notice

We reserve the right to update or change this Services Notice from time to time. For clarity, any update or change to this Services Notice will not change or modify the Customer Agreement.

Contact Information

We have a dedicated Privacy Team that is responsible for the implementation of our global privacy program. For questions or comments about this Services Notice or our privacy practices, please contact privacy@servicenow.com. Customers or Users who need assistance to update, change, or remove information from the Service should log a ticket through our customer support portal.

For written inquiries, please contact us at:

ServiceNow, Inc.
Attn: Privacy
2225 Lawson Lane
Santa Clara, CA 95054

Our main establishment in the European Union for GDPR purposes is in Ireland, and our lead supervisory authority is the Irish Data Protection Commission (“DPC”).