Docebo – Privacy Policy

Effective Date: 23/01/2024

WHAT THIS POLICY COVERS

This Privacy Policy covers the personal data we collect about you when you use products, apps, services or websites provided by Us (“Services”) that links to this document, or when you interact with us through a different channel (e.g. Docebo investor relations portal), unless a different policy is displayed.

A reference to “Docebo”, “We” and “Us” means Docebo S.p.A. and/or any of its other corporate affiliates, listed below in the “Contact us” section.

This Privacy Policy explains how Docebo collects and uses your personal data and the choices and rights available to you about the collection and use of your information, including how to update and correct your personal data.

Please read it carefully and if you do not want your information processed in accordance with this Privacy Policy, do not use our Services or interact with Us.

This Policy does not apply:

1. when We process personal data collected about you for our Docebo customers

In certain circumstances, We process your personal data as a data processor, which means on behalf of our customers (for example, where Docebo provides Services to an organisation, a company or academic institution). In these cases, it is the Docebo customer that is responsible for the processing of your personal data.

Docebo data protection practices will be regulated by the terms of a data protection agreement entered with the customer.

If you have questions or concerns about how your personal data is handled in these circumstances, including how to exercise your rights, you should contact the customer that has control over your account (e.g. your employer or account administrator) and refer to their separate privacy policies.

2. to third-party sites or integrations not controlled by Docebo

From time to time, We may include links on the Sites to third-party websites, or be able to integrate Docebo services with third-party integrations. In these cases, your personal data will be transmitted or otherwise made available, automatically (e.g. through API) or otherwise, to third parties. Please be aware that we do not control, monitor or are responsible for such websites, their web content while you are visiting their websites, and the processing of your personal data required by the third-party to use this integration. In these cases, We encourage you to review their privacy policies.

WHAT INFORMATION WE COLLECT ABOUT YOU:

In this Policy any reference to ‘personal data’ or ‘personal information’ is intended as any information that can identify or relate to you as individual person. We collect the following personal information from you as further described below:

1. Information provided voluntarily by you

Contact information, such as name, business email address, phone number, your photo, billing information, physical address, user ID, call recordings, login credentials, information or documents you input in open text fields in help/contact us forms, in the survey received or through our whistleblowing portal. By using our Services, you might choose to add a display name, profile photo, job title, and other details to your profile.

Content information, such the information you may choose to post, send, receive and share in our Services. Examples of Content information include the content viewed in the Services, training interactions, the files and links you upload and the aggregate insights obtained from this information.

Customer Support information, such a summary of the problem you are experiencing, and any other documentation or information that would be helpful in resolving an issue submitted to Us.

● Sensitive information, such your dietary needs or your health information.

We do not collect your payment information, such as your credit card or your Paypal account, but we ask our payment providers to manage this information on our behalf.

Photos and videos during our events

During our events, We usually take photos and videos that might include you and other attendees, speakers, or exhibitors to promote Docebo and our events. Such photos and videos may be used on our websites, promotional materials or press releases. This is voluntary, so please contact Us if you do not wish to appear in any images captured or recordings.

2. Information We collect automatically from you

Analytics information, such as when you visit and interact with any of our Services. This information includes the features you use; configuration data (ie the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms); diagnostic information and your interaction with third-party integrations and others on the Services.

Device information, including your connection type and settings, information about your operating system, browser type, IP address, URLs of referring/exit pages, online identifiers, device identifiers, and crash activity, collected through cookies, web beacons and similar technologies. For more information on how We use these technologies and how to turn them off from collecting your information, please see our Cookie Policy.

3. Information We receive from other sources

From time to time, We may receive information about you from:

● other end users,

● your colleagues,

● third-party providers,

● our corporate affiliates,

● professional social networks and publicly accessible websites,

● Third-party integrations set up with your Docebo account,

● and from our business partners.

We will collect this information only where these third parties are legally permitted or required to share your personal information to Us.

HOW WE USE YOUR PERSONAL INFORMATION AND WHICH LEGAL BASIS WE RELY ON:

We collect and process personal information for a variety of purposes, including:

Type of personal information

Purposes

Legal basis

Contact information

  • To send you an order confirmation and invoice you accordingly
  • To administer your account, including your single sign-on (SSO) access
  • To provide the Services to you
  • To respond to a demo or other customer service requests
  • To give you access to Docebo Community, Docebo University and connect you with other users
  • In case you are an investor, to send you financial, company related information and to allow you to exercise your rights as a shareholder.

Performance of a contract with you

  • To establish and manage our relationship with you, including informing you about Services or opportunities which might be of your interest
  • For safety and security to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies, including any ethics and whistleblower reporting from you

Docebo business legitimate interests

  • To send you marketing communications and newsletters
  • To conduct surveys and evaluate customer satisfaction
  • To interact with or use third-party tools or integrations

Docebo business legitimate interests, or, if required under applicable law, to the extent you have provided your prior consent

  • To manage registrations at our events (e.g. conferences, webinars, annual general meeting) and customer participation (including updates, possible changes, cancellations, accessibility, parking, logistics for the event)
  • Recording calls for training and quality assurance purposes

Your consent to process your data

  • To comply with legal obligations, including the cases where Docebo needs to respond to requests by government or law enforcement authorities.
  • To protect our legitimate business interests and legal rights

To comply with a legal obligation

Content information

  • For data labelling and machine learning to improve our algorithms, models and your experience (e.g. to predict the most appropriate content to add in a selected area of your Docebo domain)

Docebo business legitimate interests

Customer Support information

– To resolve technical issues, to respond to requests for assistance

Performance of a contract with you

  • To analyse crash information and to improve the Services

Docebo business legitimate interests

Analytics information

  • For research and development of our Services
  • To troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services
  • to monitor suspicious or fraudulent activity and to identify violations of terms of use or agreements

Docebo business legitimate interests

Device information

  • Display content based upon your interests
  • For adverting purposes
  • To develop and improve our websites

Docebo business legitimate interests, or, if required under applicable law, to the extent you have provided your prior consent

Sensitive information

  • To ensure that any catering available during our events can accommodate your dietary requirements
  • To make reasonable adjustments and accommodations to ensure accessibility to the event

Your consent to process your data

HOW WE SHARE YOUR PERSONAL INFORMATION:

We share your personal information with the third parties listed below in the following circumstances:

Service Providers

We provide your personal information to companies that provide services to help Us with our business activities (such as processing your payments or for share registry services). These companies are authorized to use your personal information only as necessary to provide these services to Us, in compliance with this Privacy Policy and appropriate data processing terms signed with them.

Affiliates and Subsidiaries

We may share the information We collect within the Docebo group of companies to provide services to you.

Your organisation’s Docebo administrators

If you’re using Docebo Services in connection with an organization or academic institution, your company’s own account administrator can have access to some information associated with you and connected with the Docebo domain they manage.

Docebo Community

In our community you are able to upload and share comments or feedback publicly with other Docebo users. Any information that you disclose in this forum is not confidential, and Docebo may use it for any purpose. You should be aware that any information you post openly in these ways will be potentially accessible through third-party search engines. Also, in the Docebo Community, your posts might remain accessible (but with your profile information removed where possible) to ensure the correct functionality of the Community.

Event sponsors

if you attend an event or webinar organized by Us, we may share your personal data with the sponsors of the event with your explicit consent if required by the applicable law.

Legal Authorities

We may also disclose your personal data as required by law, such as to comply with a subpoena or similar legal process when We believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. Unless We are prohibited by law, We will notify you of any disclosure requirement.

● Potential parties involved in a business transaction

In case Docebo decides to merge with, or is acquired (entirely or partially) by, another company, or sell some of the services provided or a business unit, your personal data might be disclosed, under conditions of confidentiality, to our advisers and any prospective purchaser’s advisers. In this case We will inform you, via email and/or a prominent notice on our website, of any change in ownership, use of your personal data, and choices you may have regarding your personal data.

● Others

We may also disclose your personal data to any other third party with your prior consent (e.g. when you connect Docebo Services with third-party integrations).

HOW YOUR INFORMATION IS KEPT SECURE:

The security of your personal information is important to Us.

We follow generally accepted security standards and We have adopted commercially reasonable security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access. We may use third-party products and services to secure or store your information. For more information on where We store and how We secure your information, please see our compliance and security page.

Depending on where you live, you may have a legal right to be notified in case of security breach. Overall, if you have any reason to believe that your interactions with the Services are no longer secure, please notify Us immediately at privacy@docebo.com.

We may, subject to applicable law, transfer your information outside the country where you are located, in countries to where information protection standards may differ (e.g. your information may be stored on servers located in other jurisdictions). We will utilise appropriate safeguards governing the transfer and usage of your personal information. See the following Section ‘How we transfer your data’ for further information.

HOW WE TRANSFER YOUR DATA:

Your personal information may be transferred to, and processed in, countries other than the country in which you are based, where Docebos ’affiliates, subsidiaries, partners or our third-party service providers operate.

Some of these countries, specifically Australia, are not offering an adequate level of protection and security. As a result, We take measures to ensure that your information is safe and protected in compliance with the applicable data protection laws, including:

reliance of Standard Contractual Clauses to transfer your data outside the European Economic Area, United Kingdom and Switzerland;

● implementation of organisational, contractual and technical security measures with our third-party service providers;

● establishment of an intra-group data transfer agreement for internal transfers of personal data within Docebo group of companies around the world.

A quick note about the Data Privacy Framework

We participate in and have certified our compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework (see our certification here). Docebo is committed to adhere to the Data Privacy Framework Principles in relation to all personal data received from European Union, UK and Switzerland.

Docebo NA Inc complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, UK and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Docebo is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Docebo may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Docebo is responsible for the processing of personal data it receives, under each Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. Docebo NA Inc complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Docebo is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Docebo may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that We have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, described in more details on the Data Privacy Framework website, a binding arbitration might be available when other dispute resolution procedures have been exhausted.

To learn more about the Data Privacy Framework, visit the U.S. Department of Commerce’s Data Privacy Framework List at https://www.dataprivacyframework.gov/.

HOW LONG WE KEEP YOUR INFORMATION:

We will retain your information for the time needed to fulfil the purposes described above, unless a longer retention period is required or permitted by law.

If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services.

After the expiry of the applicable retention period, We will either delete your information or, if this is not possible (for example, because the information has been stored in backup archives), We will securely store your information and isolate it from any further use until deletion is possible.

In case you object from any marketing communications, or withdraw your consent, We will promptly stop using your information collected for these purposes. However, We will keep a permanent record of the fact that you have asked Us not to process your information so that We can respect your request in future.

TRACKING TECHNOLOGIES:

We and our marketing partners, affiliates, or analytics or service providers, use technologies such as cookies, beacons, pixel tags, scripts, and other similar technologies to analyse trends, administer our websites, tracking usage of our Services so we can provide a better experience to you.

In some cases, we partner with third parties to either display advertising on our website or to manage our advertising on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on Docebo websites in order to provide you advertising based upon your browsing activities and interests.

Also, under California law, some of these activities may be interpreted as a ‘sale’ or ‘share’ of your Device information for commercial purposes, such as to provide advertisements, to analyse our marketing campaigns.

You have the right to opt-out of such “selling” or “sharing” of your personal information by changing your cookies preferences or by setting a Global Privacy Control (“GPC”) signal.

You can find more information about cookies, similar technologies and how to change your preferences in our Cookie Policy.

SOCIAL MEDIA WIDGETS:

Our website includes Social Media features, such as the Facebook Like button, and widgets, such as the ‘Share This’ button, or interactive mini-programs that run on our websites. These features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social Media features and widgets are either hosted by a third party or hosted directly on our website. Please read the privacy statement of the company providing these features to understand how your personal data is processed.

EXERCISING YOUR RIGHTS:

Regardless your location, you have the right to know if We process your data, to amend or update inaccurate or incomplete information about you, to request deletion of your personal data, or request that We no longer use it. You may submit a request for access (i.e. request information on personal data collected, used, disclosed or processed by Docebo) as well. Some of these requests can be processed through the self-service features available inside the Docebo admin portal (See the User Management section for more information about these tools).

If you are a resident of European Economic Area, United Kingdom, Switzerland, or Brazil you can also submit a request (i) for rectification, or (ii) to object to our processing of your personal data, or even (iii) to have your data available in a structured, electronic format (‘data portability’).

Where you gave Us consent to use your information for a specific purpose, you can ask Us to withdraw that consent, but this will not affect the lawfulness of any processing activity already taken place before your withdrawal.

You have the right to opt-out of marketing communications We send you at any time. Please read the section ‘Marketing communications’ below for further details on these requests.

In some circumstances, We might need to verify your identity and your relationship with Docebo before proceeding with your request for security reasons.

Subject to a request required by law, Docebo might not be able to entirely comply with your request to withdraw.

In order to exercise your rights described above and/or submit inquiries or complaints regarding our processing of your personal data, you can do so at any time by contacting Us using the information given under the “Contact us” section below.

If you believe that We have not been able to assist you with your requests, you have the right to lodge a complaint with your local competent supervisory authority (contact details for European data protection authorities for countries can be found here and for the United Kingdom here).

1. Marketing communications

If you no longer want to receive marketing-related emails from Us, you can opt out of receiving such emails by clicking the “unsubscribe” link at the bottom of any marketing email you receive from Us. Please be aware that you will continue to receive certain communications from Us that are necessary for the Service (e.g. renewal notifications, invoices, technical updates).

If you are having difficulty unsubscribing from our marketing emails using the above method, please contact Us directly at the email privacy@docebo.com.

2. Your rights as end user

As described above, We also collect and process personal data submitted by Docebo customers under their instructions. If you wish to exercise any rights you may have under applicable data protection laws, please check their privacy policies and contact them directly.

If you make your request directly to Us, We will refer your request to the relevant Docebo customer (as long as they can be identified from the details you provided) and will support them as required.

3. California residents

In addition to the rights and information provided above, California consumers and their authorized agents can request:

  • information about the categories of personal information that We collect about you, including how We collect it, from which the sources We collect it, the business purposes pursued with your information and the way We share it with third parties. Please read sections above to obtain further details on how We manage your personal information;
  • to delete all your personal information.

To exercise these rights or for any other questions, please contact Us at privacy@docebo.com. We might need to take steps to confirm that you are authorised to make the request (e.g. by asking for a proof of residency or the consumer’s written authorization if you are an agent). You will not be discriminated against for exercising any of your privacy rights. However if you ask Us to delete your information, We may not be able to entirely provide our Services to you.

4. Nevada residents

In addition to the rights and information provided above, Nevada consumers can ask Us to opt out of any potential future sales (as defined in accordance with the applicable data protection law) by contacting Us at privacy@docebo.com. At the moment, Docebo does not sale any personal data collected from you.

CHANGES TO THIS PRIVACY POLICY:

We may change all or part of our Privacy Policy from time to time to reflect our data collection practices, in case of new features involving your personal data, or as required by the law. The version published on the Docebo main website (https://www.docebo.com/company/privacy-policy/) will be the most current version in force. Changes to our Privacy Policy will be effective immediately once published. We invite you to periodically review our Privacy Policy to be informed of any relevant changes, especially before providing any data to Us.

Your use of the Services following any amendments confirms that you have accepted the practices described in the revised Privacy Policy. If We make any material change to the Privacy Policy, We will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective and ask for your consent if this is required by applicable law.

Any translated version of the English Docebo Privacy Policy is provided for reference purposes only. In the event of any differences between the English version and translated version of this Policy, the English version (available here) will prevail and control.

CONTACT US:

If you have any questions or concerns relating to our data protection practices, or wish to exercise any of your rights, please contact Us at privacy@docebo.com or by mail at Docebo headquarter:

Docebo S.p.A.

Legal department

Via Parco 47 – 20853 Biassono (MB) – ITALY

TRUSTe