Services Privacy Statement

ServiceNow, Inc., including its subsidiaries and affiliates (collectively, "ServiceNow," "we," or "us") respects the privacy of individuals.

This Services Privacy Statement (“Services Notice”) applies to our collection, use, and disclosure of information obtained in connection with the provision and use of our hosted software applications  and Mobile Applications  (collectively, the "Subscription Service"), and related support services ("Support Services"), as well as professional services, including training and certification (the "Professional Services") that we provide to Customers (defined below). In this Services Notice, the Subscription Service, Support Services, and the Professional Services are collectively referred to as the "Service." 

This Services Notice does not apply to a Customer's use or disclosure of any information it stores in the Subscription Service. This Services Notice also does not apply to information or data collected by ServiceNow for other purposes outside of or unrelated to the Service. Please see our Website and Event Privacy Statement for details on our privacy practices with respect to data collected on our websites and at events.

For the purposes of this Services Notice:

• “Customer” means the entity that purchases our Service.
• “Customer Agreement” means the definitive agreement between Customer and ServiceNow pursuant to which the Customer purchased access to the Subscription Service.
• "Customer Data" means the electronic data uploaded into the Subscription Service by or for Customer or its Users.
• “Account Data” means a Customer or Partner’s name and address, credit card or billing information, and the Customer or Partner representatives’ contact information.
• “Mobile Applications” means applications downloaded by an authorized user of our hosted software applications to a mobile device.
• “Usage Data” means quantitative, anonymised, pseudonymised, or aggregated data derived from Users’ use of the Service. For the avoidance of doubt, Usage Data does not include Customer Data. 
• “User” means an individual authorized by the Customer or Partner to access and use the Subscription Service.
• “Partner” means an entity that sells ServiceNow products and services or provides services or technology to ServiceNow customers that relate to the Service.

We collect several types of information from and about our Customers, Users and Partners in the course of hosting, providing, maintaining, supporting and improving our Service.  We process several types of information from the Service as a data processor for our Customers, including:

• Information and correspondence submitted to us to us in connection our provision of the Service.
• Information we receive from our business partners in connection with provision or use of the Service or in connection with services provided by our business partners, including configuration of the Subscription Service.
• Server logs and any other ancillary data required to be processed in support of or in relation to the operation of the Service and the security of Customer Data.

We also process certain types of information from the Service as a data controller, including Account Data, Usage Data and certain User login data for certain Services.

We may process personal data within the Customer Data to provide and support the Service. We do not use, disclose, review, share, distribute, transfer, or reference any Customer Data except as permitted in the Customer Agreement or as required by law.

In addition, we may Account Data for billing, account management and contracting purposes. We process Usage Data for general maintenance, support, security, and improvement of the Service. We also process User log‑in data to administer individual accounts related to training/learning activities.

To the extent that we process Customer Data as a data processor, we do so in accordance with the Customer Agreement and the Customer’s instructions. 

To the extent that we process Account Data or Usage Data or certain User log‑in data as a data controller, we do so on the basis of our legitimate business interest to do so (taking into account the fundamental privacy rights of any relevant individuals), and/or on the basis of compliance with a legal obligation, and/or on the basis of consent, depending on the specific activity involved.

Where we have prior Customer agreement, we may process Customer Data as data controller for the purpose of training ServiceNow’s artificial intelligence (“AI”) and machine learning (“ML”) models.  Any processing is conducted on the basis of the legitimate interests of both ServiceNow and our Customer, in order to improve of these AI and ML models and, therefore, to provide a more accurate and reliable service to ServiceNow’s Customers and Users.  Where applicable, we also take steps to minimise the amount of personal data processed for this purpose. Users may exercise their right to object to this processing by contacting us. For further information on the exercise of your rights please see section “Your Privacy Rights” below.

We may disclose personal data comprised in Customer Data, Account Data or Usage Data to the following categories of recipients:

• To our subsidiaries and affiliates as necessary for the purposes outlined above.
• To our contractors, business partners and service providers we use to support our Service and business partners who provide services on behalf of our Customers.
• To a potential buyer (and its agents and advisors) in connection with any proposed merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution or liquidation), in which case personal information held by us about our Customers and Partners will be among the assets transferred to the buyer or acquirer.
• To any competent law enforcement body, regulatory, government agency, court or other third party to: (i) comply with any court order, a request from any competent law enforcement agency, or any other legal obligation; (ii) enforce or apply the terms of the Customer Agreement; (iii) enforce or apply the terms of the agreement for partnership with our Partners; and (iv) protect the rights, property, or safety of ServiceNow, our Customers, Users, or others.
• In accordance with Customer instructions.

We may store and process Customer Data, Account Data and Usage Data in: (i) any country where we have facilities, and (ii) any country in which we engage service providers. A list of ServiceNow’s global offices is available here. Any international transfer of Customer data will be carried out in accordance with the requirements in the applicable Customer Agreement, and a list of ServiceNow’s sub‑processing entities is available here.

For international transfers of personal data from the EEA, UK or Switzerland, we will implement such measures as are necessary to ensure we provide appropriate safeguards for the transferred data, including through the use of Standard Contractual Clauses or another lawful transfer data transfer mechanism.

We maintain an information security program designed to protect personal data which we process from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. The Customer Agreement sets out specific details on how we secure Customer Data. The Subscription Service allows Customers to implement and configure their use of the platform and enforce their security requirements, including user access controls and encryption.

ServiceNow has a dedicated team responsible for monitoring and responding to security incidents. ServiceNow notifies Customers of security breaches in accordance with the Customer Agreement.

We retain Customer Data according to the timeframes set forth in the Customer Agreement.

In circumstances where we are a data controller, we retain personal data only for so long as we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements, or to maintain a record of consent preferences).

We may obtain additional information through Mobile Applications that Customer or their Users download to their mobile device (“Device”).  Mobile Applications we provide may obtain or collect information from a User’s Devices in connection with the User’s use of the Subscription Service, and are designed to interoperate with the Subscription Service; for instance, to provide a User with access to information within the Subscription Service or to provide information from a User’s Device to the Subscription Service.

In order to provide and operate the Mobile Applications, we need certain information from the User, and without that information our Mobile Applications wouldn’t work (or wouldn’t work very well). For example, we ask Users to provide some personal information, such as login credentials to access and use the Subscription Service through the Mobile Applications. In addition to the personal information Users provide, we also collect certain other personal information through the use of our Mobile Applications. For instance, Mobile Applications may use a Device’s geolocation data to provide services available through the Mobile Applications, including to send Users notifications. If a User has geolocation turned on, the Mobile Applications will, from time to time, tell us about a User’s Device’s location even if a User is not directly interacting with the Mobile Application. It may also tell us about a User’s Device location while the User is interacting with the Mobile Application. We may only be able to collect some of this information if the Device settings allow it, so Users should always review our Mobile Applications settings under the Device settings menu to select what information Users are happy for apps like ours to access or not to access.

Our Mobile Applications may also provide us with information related to a User’s use of the Mobile Applications, including information regarding a User’s Devices and OS identification, language, and time zone. Mobile Applications may also collect information regarding a User’s interaction with Mobile Applications, which ServiceNow may use to provide and improve the Mobile Application and Services. We may also obtain information when Users report a problem with our Mobile Applications. In addition, we may use information collected by our Mobile Applications to enforce our rights arising from contracts we enter into with the Customer or with a User.

To provide this Mobile Application, we work with our group companies and certain partners and service providers who may have access to User information. Information accessed or obtained by the Mobile Application on a User’s Device may be also accessible to the Customer and its organization, depending on the intended functionality of the Mobile Application. We may disclose User’s information to law enforcement, competent government authorities, court and other third parties where we believe are required to do so by applicable law or regulation (including a court order), or where we believe disclosure is necessary to exercise, establish or defend legal rights or to protect the vital interests of any person. If a third party buys all or part of our business or assets, then we may also disclose User information in connection with the sale.  Where we do, we will inform the third party that it is required to use User’s information only for the purposes set out in this Services Notice. We may also share a User’s personal information to any other person with such User’s consent to the disclosure.

In addition to Mobile Applications we provide, third party Mobile Applications may be made available for download to a User’s Devices.  The collection and use of information through third‑party Mobile Applications (if any) is governed by the applicable privacy notices of such third parties. Contractual terms related to a particular Mobile Application may be found in the End User License Agreement or relevant terms of service for that application.

Since each Customer is in control of what information, including any personal information, it collects from its Users, how that information is used and disclosed, and how that information can be changed, Users of the Subscription Service must contact the applicable Customer administrator with any inquiries about how the Customer uses and discloses personal information contained within Customer Data and how to access, rectify, correct, delete, and port personal information contained within Customer Data as well as object to or restrict the processing of personal information contained in Customer Data.

We provide you with certain choices regarding the personal data you provide to us which we process as a data controller. In particular:

• Certain jurisdictions, for example the European Economic Area, provide their residents specific privacy rights under applicable law. We will process requests to exercise such rights, including objection to, restriction of processing, andrequests for portability, access, correction, deletion of personal data contained  in accordance with applicable data protection laws. You may send us an email at privacy@servicenow.com to request the exercise of such rights.
• Certain jurisdictions, for example certain States in the USA such as California, provide their residents with additional control over how their data is shared/sold. ServiceNow does not sell personal data obtained from the operation of the Services to third parties. ServiceNow does not share this data for cross context behavioural advertising.

We will respond to such requests in accordance with the requirements of applicable data protection laws.  Please note that in order to fulfil your request, we may need you to provide certain information to verify your identity.

ServiceNow Applications for Third Party Services

We may also provide applications and integrations hosted by third party services (for example, messenger applications) for mutual customers that we have with such third‑party service providers. These applications and integrations will interact with the Subscription Service and our collection, use, and disclosure of information will be in accordance with this Services Notice and our Customer Agreement with the Customer. This Services Notice does not cover such third‑party service stores where we make our applications available. The use of any data you make available to such a third party is subject to that party’s privacy policy and your agreements with that party, if any.

Third Party Websites and Applications

Customers, Partners and other third parties, including our consultants, may develop applications (including Mobile Applications) or provide services to you or other third parties using our Service. This Services Notice does not apply to information collected by Customers, our business partners, and other third parties or third‑party applications (including Mobile Applications) or services, even if this information is collected using our Service.

Changes to this Services Notice

We reserve the right to update or change this Services Notice from time to time. For clarity, any update or change to this Services Notice will not change or modify the Customer Agreement.

Contact Information

We have a dedicated Privacy Team that is responsible for the implementation of our global privacy program. If you have questions or comment about this Services Notice or our privacy practices , please contact privacy@servicenow.com, or if you are a Customer or User and need to update, change, or remove information from the Service, please log a ticket through our customer support portal.

For written inquiries, you may contact us at:

ServiceNow, Inc.
Attn: Privacy
2225 Lawson Lane
Santa Clara, CA 95054