Effective: July 15, 2025

Veeva Systems Inc. and its subsidiaries are committed to protecting the privacy and security of your personal data. This Privacy Notice describes how we collect and process your personal data when you apply for a job with us or participate in recruitment-related events. This Privacy Notice also describes your rights in your personal data and how you can exercise those rights.

We drafted this Privacy Notice to describe our processing activities globally. In some jurisdictions, our processing may be limited under applicable local law, and in those cases, we comply with local law.

Personal Data We Collect

The personal data we collect, store and process about you includes, but is not limited to, the following:

  • Name and Contact (e.g., full name, maiden name, mailing address, email address, phone number and emergency contact);
  • Demographic (e.g., date of birth, gender, citizenship, residency, work permit status and military status);
  • Employment Details (e.g., work experience, employment references, salary and other compensation requests);
  • Background (e.g., educational background, transcripts, credit history and background screenings);
  • Financial (e.g., salary, tax information, benefits, expenses, company allowances and stock and equity grants); and
  • Any other information in your application and during our interviews and engagements that you choose to share with us (e.g., your photo, professional skills, personal preferences, hobbies, social preferences and information provided by your references).

We may also collect, store and process the following categories of sensitive (or “special categories” of) personal data:

  • Sensitive Identity (e.g., social security number, passport number and other government issued identification numbers); and
  • Sensitive Demographic (e.g., race or ethnic origin, religious affiliation, trade union membership, sexual orientation, gender identity and transgender status).

In jurisdictions that impose special protections on sensitive personal data, we will only process your sensitive personal data as required by law or with your explicit consent.

How We Collect Personal Data

We collect your personal data directly from you and from publicly accessible professional sources (e.g., LinkedIn and employer websites). We also collect your personal data from third parties, such as former employers, your named references, official bodies (e.g., regulators and criminal record bureaus) and our partners (e.g., recruitment event organizers and universities). When we collect your personal data from third parties, we do so with your consent (either expressly provided or implied by your actions). If permitted or required under applicable law, we may collect your personal data without your knowledge or consent.

How and Why We Use Personal Data

We process your personal data for the below listed purposes:

  • Recruitment (e.g., provision of recruitment events, selection and evaluation for the job you have applied for and for subsequent job opportunities and background and reference checks);
  • Compliance with Legal Obligations (e.g., anti-discrimination laws and data subject rights); and
  • Other Business Purposes (e.g., business management and planning, conducting data analytics, preventing fraud or violation of our policies and ensuring network and information security).

We will only process your personal data for the purposes we collected it for or for compatible purposes. If we need to process your personal data for an incompatible purpose, we will notify you and, if required by law, seek your consent.

Where applicable law requires us to process your personal data on the basis of a specific lawful justification, we generally process your personal data under one of the following bases: consent, compliance with a legal obligation, or for our overriding legitimate interest.

In certain cases (e.g., when we receive a high volume of applications) we may use automated decision-making technology to help us process your application. For instance, you may be presented with questions within the application form and your answers to those questions may automatically disqualify you from further consideration for the job (e.g., not speaking the relevant language, requiring sponsorship to work in the relevant country).

Sharing Your Personal Data

Veeva will not sell your personal data, including any sensitive personal data, or share it with third parties for cross-context behavioral advertising. When we share your personal data, we will ensure it is used in a manner consistent with this Privacy Notice. Veeva will only share your personal data internally and with our subsidiaries and other third parties, including service providers, for the following business purposes:

  • to support the purposes described in the section above entitled “How and Why We Use Personal Data”;
  • to enable third party service providers (e.g., consultants and advisors, background check providers, information technology providers and data hosting providers) to provide services on our behalf;
  • to comply with applicable law, legal obligations and valid legal processes such as search warrants, subpoenas and court orders;
  • to protect the rights and property of Veeva;
  • if a business transfer or change in ownership occurs and the disclosure is necessary to complete the transaction;
  • as necessary to establish, exercise or defend against potential, threatened or actual litigation; and
  • for additional purposes with your consent, where such consent is required by law.

When we share your personal data, we will take reasonable steps to ensure that we only share the minimum personal data necessary for specific purpose and circumstance.

Cross-Border Data Transfers

As a global company, we may transfer your personal data to various locations around the world for the purposes described in this Privacy Notice. We apply the protections and limitations described in this Privacy Notice regardless of where we process your personal data.

We also comply with various legal frameworks that enable the cross-border transfer of personal data. Where required, we rely on transfer mechanisms that lawfully support data transfer to locations that are not considered “adequate” by the appropriate data protection authority, which may include standard contractual clauses, obtaining your consent or other recognized transfer mechanism.

For transfers of personal data received from the EU, the UK and Switzerland to the United States, we comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”, together with the EU-U.S. DPF and the UK Extension, the “DPF”) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the (i) EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension, and (ii) Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit the Data Privacy Framework Program website.

In compliance with the DPF, we allow EU, UK and Swiss individuals the opportunity to choose (through an opt-out mechanism) whether their personal data is to be disclosed to a third party or used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized. The “Your Rights” section below provides more information about these rights and the mechanisms we provide to exercise them. In addition, if we collect sensitive personal data, we will obtain explicit consent before disclosing sensitive personal data to a third party or using it for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized.

EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data should contact us at privacy@veeva.com. We commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the DPF in the context of the employment relationship. If neither process resolves your question or concern, you may be able to pursue binding arbitration. Visit the Data Privacy Framework Program website for more information.

The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF. We remain responsible for personal data that we transfer to third parties for processing on our behalf. We may be required to disclose personal data that we handle under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, as described in more detail by our Government Access Request Policy available at veeva.com/privacy.

Security of Your Personal Data

We protect your personal data using technical and organizational security measures designed to provide a level of security appropriate to the risk of processing your personal data. We limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access.

Your Rights

You may have certain rights in your data, including the right to access, correct and delete your personal data. You can exercise these rights by completing the form available at veeva.com/privacy-requests or by contacting us using the contact details provided below. If we process a request to change your personal data, we may maintain your prior personal data for as long as legally required. We will verify and respond to your request consistent with applicable law.

Data Retention

We will keep your personal data for so long as necessary for the purposes of this Privacy Notice or as long as required by applicable law. When it is no longer necessary to retain your personal data, we will delete or anonymize it.

Updates to this Notice

This Privacy Notice may be updated periodically to reflect any necessary changes in our privacy practices. In such cases, we will inform you via our website and indicate the date of the most recent updates.

Questions

Veeva’s privacy team (including a Data Protection Officer where required) oversees compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your personal data, please contact the privacy team at:

Veeva Systems Inc.
4280 Hacienda Drive
Pleasanton, CA 94588 USA
privacy@veeva.com

If you are unsatisfied with our response to issues that you raise with us, you may have the right to make a complaint with the data protection authority in your jurisdiction by contacting the data protection authority.

Interested in learning more?

Contact Us