Marketo EU-U.S. Privacy Shield Notice

Effective Date: September 16, 2016
Amended: October 5, 2018

Marketo complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and commits to subject to the Privacy Shield Principles all personal data that Marketo receives from the European Union (EU) in reliance on the Privacy Shield. More information regarding the Privacy Shield program, including Marketo’s certification, is located at Marketo also continues to adhere to the U.S.-Swiss Safe Harbor Framework and its principles with respect to personal data received from Switzerland.

Types of Personal Data Collected.

Marketo’s customers determine the types of data they submit to Marketo to process on their behalf in the course of using Marketo’s digital marketing automation services. Personal data provided by customers consists mostly of business-related information such as first and last name, entity information, business role, professional title, business contact information, business network, business experience, as well as activities, interactions, preferences and connection information (e.g., IP addresses). Marketo also collects the same categories of personal data for its own use.

Purposes of Collection and Use of Personal Data.

Marketo acts only as a data processor with respect to personal information from the EU and Switzerland that it receives from its customers.  Accordingly, Marketo has no direct relationship with the individuals whose information it receives from its customers or their business partners.  Marketo does not control such information, does not select or determine the specific types of data that it processes, and does not determine the purpose for which it is processed. 

Marketo also receives personal data from its customers, prospective customers and business partners for its own sales and marketing activities and internal business operations.  Marketo determines the purposes and means of processing such information and, in this context, acts as a data controller.  Marketo similarly acts as a data controller for information it receives as part of its provision of employee benefits and services and which it processes for its own employee administration purposes.

Disclosure of Personal Data to Third Parties.

Marketo may share personal data we collect with a limited number of third parties who process personal data on our behalf to provide Marketo’s services, such as subsidiaries, affiliates and subcontractors, as well as to select business partners with whom our customers have independently contracted and authorized such disclosures in connection with our services. Marketo may also disclose personal data to service providers contracted to provide services on our behalf.

Choices and Means to Access, Limit Use and Limit Disclosure of Personal Data.

EU and Swiss residents have the right to access personal data about them and to request the correction, amendment, removal and/or limitation of the use and disclosure of their personal data processed by Marketo. Such requests should be sent by email to [email protected] or by regular mail to:

ATTN: Privacy, Legal
601 Townsend St
San Francisco, CA 94103

Marketo has limited access to data we process on behalf of our customers in connection with our services. Therefore, requests to access, correct, amend, remove and/or limit the use and disclosure of personal data that Marketo processes on behalf of its customers should include the name of the Marketo customer who submitted your personal data to Marketo. We will forward such requests to the identified customer to respond directly to you and we will provide any necessary assistance in that customer’s response to your request.

Dispute Resolution and Arbitration.

If you reside within the EU or Switzerland, any inquiries or complaints regarding Marketo’s compliance with the Privacy Shield or U.S.-Swiss Safe Harbor programs should be sent to the Marketo email and postal addresses set forth above. Marketo will respond within 45 days.

If you do not receive timely acknowledgment of your complaint, or if you cannot resolve your complaint directly with Marketo, you can contact the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR/AAA), by visiting its web site at Marketo has engaged the ICDR/AAA as an independent dispute resolution provider to address unresolved Privacy Shield complaints.  

Under certain conditions, individuals may be able to invoke binding arbitration before the Privacy Shield Panel jointly created by the U.S. Department of Commerce and the European Commission.

Federal Trade Commission Enforcement

Marketo is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to its compliance with the EU-U.S. Privacy Shield Framework.

Disclosure Requests by Public Authorities.

Marketo may be required to disclose your personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requests.

Onward Transfer Liability.

If a third party processes personal data on behalf of Marketo in a manner inconsistent with the Privacy Shield Principles, Marketo could be liable unless Marketo can prove that it is not responsible for the event giving rise to any damage.