We are a global company. As a global company, we may transfer your personal information to various locations around the world for the purposes described in this privacy notice. We apply the protections and limitations described in this privacy notice regardless of where we process your personal information.
We also comply with various legal frameworks that enable the cross-border transfer of personal information. Where required, we rely on transfer mechanisms that lawfully support data transfer to other jurisdictions, such as Standard Contractual Clauses, “adequacy” determinations, obtaining your consent or another recognized transfer mechanism.
Veeva and the Data Privacy Framework
Veeva Systems Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF (UK Extension), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the (i) EU-U.S. DPF Principles with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension, and (ii) Swiss-U.S. DPF Principles with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program and to view our certification visit the Data Privacy Framework Program website.
If you have questions or concerns regarding our handling of your personal information under the DPF or about our privacy program generally, please contact us at privacy@veeva.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. If neither process resolves your question or concern, you may be able to pursue binding arbitration; visit the Data Privacy Framework Program website for more information about how to submit a complaint.
The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF. We remain responsible for personal information that we transfer to third parties for processing on our behalf. We may be required to disclose personal information that we handle under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, as described in more detail by our Government Access Request Policy.