Privacy Notice

This Privacy Notice describes the ways in which Pegasystems Inc. including our affiliates (“Pegasystems”, “Pega”, “we”, “our”, or “us”) may collect, process, use, and disclose information about you through the websites, social media properties, phone calls and meetings, applications, contractual and precontractual activities, your visits to our offices, other online services operated by us, and Pega-hosted or co-branded events, assets, or contests (collectively, the “ Services”), and the choices you can make about the way your information is collected and processed through the Services. By using any Service, you consent to the processing of your information as set forth in this Privacy Notice, now and as may be amended by us from time to time.

This Privacy Notice does not apply to any third-party applications or software that integrates with the Services, or any third-party products or services. We enter into contracts with our clients (“Clients”) for Pega products and services. The processing of personal information in the context of Client applications (each, a “Client Application”) that are built on or incorporate Pega software or cloud services is controlled by the Client and is subject to the Client’s privacy policy and practices, which may differ from this policy. We make no representation or warranty as to the privacy policies or practices of third parties, including our Clients or providers of third-party applications. If you are submitting data to any third-party we encourage you to review such third party’s privacy notice.

Pega Marketplace

This Privacy Notice also applies to the use of Pega Marketplace (“Marketplace”) and the third-party applications made available through that Marketplace. We collect usage information related to that Marketplace, including features used, dates and time of access in order to facilitate and improve the use of the Marketplace. If you fill out a lead form for a packaged service offering, we will collect your contact information and with your consent send your contact information on that lead form to the Marketplace partner to indicate your interest. For avoidance of doubt third party applications available on the Marketplace are subject to that third party privacy policies and practices.

Table of Contents

What information do we collect and receive?

We and our service providers may collect and receive both personal information and other information from a variety of sources that generally fall into three categories:

1. Direct Interactions: Data from your use of, and interaction with us through, any Service, social media channel and/or other activity such as account creation, managing user profile(s), uploading documents, participating in a virtual or live event or contest. Along with Client support requests or other interactions related to a pending or signed contract or testing, submissions of registrations and posting to forums, visits to our office or sales inquiries and transactions.
2. Automated Interactions: Data from the use of technologies such as electronic communication protocols, robotics and analytic tools, cookies, server logs in support of a subscription Service, embedded URLs or pixels, or widgets, buttons and similar tools.
3. Publicly Available Data / Data from Third Parties: Data from automated interactions on non-Pega websites, or other data you may have made publicly available, such as social media posts, or data provided by third party sources, such as marketing lists, partner referrals, or data aggregators.

1. Direct Interactions

You, or the organization you work for, may submit data that includes your name, contact information (such as a physical address, email address, phone number, username), password, employer, job title, activity logs, and registration information to us when using the Services. We also collect and receive information when you:

• create and manage a Pega account;
• participate in our message boards and discussion forums, or other interactive features;
• interact with us on social media or through the Services;
• apply for a job (our Candidate Privacy Notices can be found here); 
• make a purchase (e.g., purchase credits for use at Pega Academy);
• participate in polls and surveys; register for events and self-study courses;
• sign up to receive electronic newsletters and other materials;
• download or request software, product upgrades, reports, and other information;
• upload documents to our Services or sites;
• submit a partner, reseller, or ISV diligence questionnaire;
• submit an RFP or customer questionnaire;
• interact with us in relation to a possible, pending or signed contract or testing;
• participate in Pega-hosted and/or co-branded events or contests, including in-person events and online events, webinars, or similar events, or download content from our website, affiliate websites or partner websites when co-branded;
• submit an application for any Pega program, including Pega Launchpad or Pega Ventures
• contact us with a question, comment, or request, including requests for technical support;
• other communication with us including via emails, chats, phone calls, texts, web messaging or similar tools which may be recorded, transcribed or otherwise saved by us; or
• visit our offices as a guest.

The information that you or an authorized third-party provide(s) us may include one or more of the following:

• your name, your photograph, your voice audio recording and/or transcript of such recording, your video image or biometric information, your title, your company, and contact information such as your physical address, email address and phone number;
• username, password, and other registration information;
• transaction-related information;
• information you provide when you are visiting our offices or attending a live or virtual event sponsored or co-sponsored by Pegasystems (including with your consent scanning your badge which may provide certain information about you such as name, company name, email address, sessions attended etc.)
• information you provide when submitting a support request;
• information you provide when submitting a job application;
• information related to your professional skills or certifications;
• information you provide when you make a request or otherwise contact us;
• information about your business, business plans and other items or materials contained in your application for Pega Ventures and other partner programs or websites; and
• any other information you choose to make public as part of the contractual or precontractual relationship or as related to the Services (e.g., information such as id or name, biographical information, photo, areas of expertise or certification etc. disclosed to other users on MyPega, Pega Community, www.pega.com, Pega Academy, collaboration spaces or groups and other online communities (collectively, “Online Communities”))
• personal information you provide by text messaging or similar tools.

Please note that due to pandemics, epidemics or health emergencies we may ask you, to the extent allowed by and in a form permitted by privacy laws, to provide your health information, including your exposure to infections, your vaccination status or test results, your recent travels, related symptoms and temperature.

When you use a Service, we will collect and store information about your use of these Services, including contracts you negotiate and sign, RFPs and questionnaires you submit, Pega and partner and event sponsor events you attend and assets you download, Pega communities in which you participate, courses you have registered for, courses you have completed, and certifications that you have received. You agree that event sponsors (which category may include our Clients or partners) may use such information in accordance with their own privacy policies, and Pega is not responsible for the privacy practices of such sponsors.

2. Automated Interactions

When you use a Service, we collect automated information about your use of such Service, including your IP address, type of browser, location, device information, pages viewed, access time, actions taken and features viewed, pages you visited before navigating to a Service, and the search terms you enter on the Service. This information allows us to recognize you and personalize your experience if you return to a Service, to improve the Services and the products and services we provide, and to provide you with advertisements targeted to your interests (commonly referred to as “Targeted Advertisements”). We and our service providers, contractors, partners and resellers (who are under the agreements limiting their use to specific purposes) may collect and store this information using “cookies,” which are small text files that many websites save on your computer when you visit and access when you return, or similar technologies such as web beacons or pixel tags. We use the following types of cookies on our website:

• cookies which are required to enable core site functionality
• functional cookies which allow us to analyse site usage so we can measure and improve performance; and
• advertising cookies – used by advertising companies to serve ads that are relevant to your interests.

For more information about the use of cookies on the Services, specific listing of cookies and how to exercise your cookie preferences, please review your Cookie Preferences, which can be accessed by clicking on the Cookie Preferences link on www.pega.com.

If you opt out of and later clear cookies, you will need to opt out again after clearing cookies. If you opt back in at any point, you control opt in/opt out, and you will need to opt out again if you wish to do so. If you opt out and later visit our website using a different browser or device, you will need to opt out through the other browser or device.

We and our service providers, contractors, partners and resellers also use Google Analytics, which collects and processes certain technical information from your computer or mobile device such as the web address of the page that you are visiting and your Internet Protocol address. More information can be found at “How Google uses data when you use our partners’ sites or apps,” located here. Where required we will seek your consent for use of Google Analytics before collecting such information. To opt out from collection of your information via Google Analytics, please visit Google’s site here.

To customize your experience, our mobile applications may collect precise information about the location of your mobile device, but only with your express consent. Once you have consented to the collection of the precise location of your mobile device, you may adjust this consent by managing your location services preferences and language choices through the settings of your mobile device.

Our online services do not collect precise geolocation data from GPS sensors. However, we do collect IP addresses from which we can determine your general location (such as your city, state/province, and postal code).

When a third party provides you with a product or Service which is built on Pega technology, that product or Service may have cookies to enable their functionalities and improve performance. We encourage you to make yourself familiar with relevant third-party notice.

Our automated means of processing include artificial intelligence (AI) which we define as technology to enable learning and decision making to reach business outcomes similarly to human interaction. When we are data controller, we or our third-party sub-processor perform manual reviews of some of the results produced by our automated methods to train and improve the accuracy of such automated methods.

3. Publicly Available Data / Data from Third Parties

We may collect or receive business-related information about you from public sources and various third parties, including our partners and resellers and providers of marketing lists. We may also obtain your business contact information from individuals at your organization. Information from public sources may include business contact data obtained from search information providers such as Google or social media platforms such as LinkedIn. On occasion, we may purchase third-party marketing lists of business contact data to send direct marketing communications.

How do we use this information?

Personal data transferred to us by a Client (“Client Data”) will be processed in accordance with the Client’s instructions as set forth in our contract with that Client (“Client Agreement”), and as required by applicable law. Client may use our cloud service to: (a) grant and remove access to a Client Application; (b) assign roles and configure settings, access, modify, export, disclose and remove Client Data; and (c) otherwise apply its policies to the Client Application. If your personal information is being processed as Client Data and you wish to exercise any rights you may have to access, correct, update, port or delete such personal information, please inquire directly with the Client. We will refer your request to that Client and will support them as needed in responding to your request.

Integrations with Third Party Applications

Our Services include some features which allow users to integrate with third party applications and which may bring in data from those applications to the Services provided by Pegasystems. The Controller of such data is responsible for implementing such integration in a way which is in compliance with applicable laws. For more information, see Pega Marketplace here. For more information about the purpose and scope of data collection from such third-party applications, please review the privacy notices of third parties which provide such applications.

We may process and use your personal data and other information that we collect or receive for a number of purposes as necessary to fulfill contractual obligations and other lawful bases, such as our legitimate interest in engaging in commerce, offering products and services, performing due diligence on Clients, prospects and business partners, preventing fraud, ensuring information and network security, conducting direct marketing and complying with industry practices, including:

• delivering and performing Services and fulfilling our contractual obligations under applicable agreements, and assessing new potential business opportunities;
• providing you with the products, pricing, services, or information you request;
• supporting your Client or partner relationship with us (e.g., notifying you of a product update or for billing, account management and other administrative matters);
• processing any transaction you have authorized;
• processing an employment application;
• verifying your identity;
• registering office visitors for security reasons and managing non-disclosure agreements to the extent necessary for our legitimate interest in protecting our offices and our confidential information.
• evaluating your application for Pega Ventures and other partner programs;
• providing you with information about a Service or required notices;
• managing registration for a Service in accordance with the applicable terms of use and reviewing your compliance with the use of our Services to ensure compliance with applicable terms;
• delivering Targeted Advertisements and other marketing communications, promotional materials, or advertisements that may be of interest to you to the extent necessary to protect our legitimate interest in promoting our services (e.g., if you view a webpage about a particular product or service, we or a service provider of ours (in scope limited only to realization of a business purpose/service) may later display an advertisement for a related product or service on a different webpage that you visit through a Service or on another website that has a relationship with the service provider);
• allowing us to improve a Service and the products and services we provide, such as by better tailoring our content to your needs and interests;
• developing new products, facilitating product, software and applications development and conducting research, analysis, studies or surveys and identifying usage trends;
• generating and analyzing statistics about your use of a Service;
• tracking use of our Services and websites, verifying use of accounts and activities
• detecting, preventing, and responding to possible security incidents, fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of a Service;
• Facilitating any of the purposes outlined above under “What information do we collect and receive?”
• Complying with our legal obligations under applicable laws to protect our rights or enforce our agreements, pursuing remedies available to us, or complying with lawful requests or judicial proceedings; and
• Pursuing accounting, recordkeeping, security records and legal functions to meet our regulatory obligations.

We may use your personal information to interact with you on third party social networks. Our interactions with you on a third-party social network are subject to that network’s privacy policies and terms of use.

We provide social computing tools on some of our websites to enable online sharing and collaboration among members who have registered to use them. These include forums, collaboration spaces or groups, wikis, blogs, and other social media platforms. Information will be subject to and protected in accordance with this Privacy Notice, except for the information that is automatically made available to other participants as part of your profile or information you or an authorized third-party post on blogs and forums. When you participate in our online sharing and collaboration spaces or groups, you profile and collaboration input or posts will be visible to all participants and may be added to a given collaboration space or group.

We may combine or aggregate any of the information we collect or receive through the Services or elsewhere (e.g., through telephone, email, interactions on social media, or personal contact with us or our employees, product registration, call centers, or public events such as trade shows or seminars) for the purposes listed above.

When you make a purchase using a credit card on the Services, your credit card information is transmitted directly to our third-party payment processor. We do not store your credit card information and the third-party payment processor does not disclose your credit card information to us.

If you submit an application for Pega Launchpad, Pega Ventures or other partner programs, we may use your application and all information and materials included in your application for conducting due diligence, evaluating potential business transactions and tracking applicants, founders, investors and companies.

Our legal basis for processing personal data will depend on the type of personal data collected and the context in which it is collected. We may rely on our legitimate interest to process your data except where your interests under data protection laws override such legitimate interest. To the extent that our processing of your personal data is subject to the General Data Protection Regulation or other privacy laws which so allow it, we may rely on the specific legal bases described above to process your personal data. We may also process your personal data for direct marketing purposes and for administration of contractual or precontractual relationships, and you have a right to object to our use or sharing of your personal data for this purpose at any time.

In some cases, we may rely on your consent or have a legal obligation to collect personal data from you. If/when we rely on such consent as a legal basis to collect or process your personal data, we will obtain such consent in compliance with applicable laws. We will obtain your consent to the processing when this is mandatory under the law except where specific statutory exceptions will apply.

If you have questions about our legal basis for processing your data, please contact us at [email protected]

If you believe our processing of your personal data is inconsistent with applicable data protection laws, you may lodge a complaint with your local supervisory data protection authority.

Reasons we disclose personal data

We may disclose the information we collect and receive about you to:

• our affiliates and subsidiaries worldwide for business purposes, including Client support, contractual and precontractual administration, marketing, technical operations and account management purposes;
• Contractors, business partners, and service providers worldwide who work on our behalf to support our services and provide services on behalf of our clients and who have contractually agreed to keep the information confidential and use the information solely to carry out the services that they are performing for us, including hosting, storage, data analysis, implementation, and assisting us with reviewing your application for Pega Ventures and other partner programs;
• third parties, partners, resellers and ISVs worldwide for our marketing, advertising, events, promotions or other similar purposes, including service providers, event sponsors and third-party data enrichment providers (with whom we limit their use of your personal data to specific agreed purposes), who also help us keep your business contact information (e.g. name, title, company, work email address, etc.) complete, current and accurate.
• your employer if it is our Client or partner;
• other users of our Services, consistent with your privacy settings (we encourage you to review the privacy settings when creating an account and make any required adjustments). Note that some activities are public by nature, so if you choose to upload your personal information to our Services which are publicly accessible your personal information will be visible to others;
• the courts, regulatory or tax authorities, or the government, as required by law, such as to comply with a subpoena or other legal process, a court order, requests from regulatory or tax authorities, or government reporting obligations;
• to protect our rights, property and safety;
• other third parties with your consent, including where we notify you through the Services that your information will be disclosed in a particular manner and you proceed to disclose such information;
• when we believe in good faith that disclosure is necessary (a) to protect our rights, the integrity of any Service, or your safety or the safety of others, or (b) to detect, prevent, or respond to possible security incidents, fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of any Service; and
• contractors, business partners, service providers, advisors, and other third parties worldwide to the extent reasonably necessary to manage our business and/or to proceed with the negotiation or completion of a merger, acquisition, financing, public offering of securities, reorganization, or sale of all or a portion of our assets

In addition to the above, we may disclose de-identified information, such as reports on user demographics and traffic patterns, with third parties. We disclose your personal information only as permitted under applicable laws. We do not sell (as traditionally defined) your personal information, however some of the disclosures outlined in this Privacy Notice may be considered sharing/ targeting under certain laws. Disclosing to third parties is only as set forth in this Privacy Notice, to authorized service providers, business partners or contractors who have agreed to specific contractual limitations as to their use of such information, or if you use our sites or services to provide your information to it with third parties or direct us to disclose to such third parties in accordance with the privacy preferences you establish on our preference center. By going to our Preference Center, you may also: (i) manage what types of email you receive from us, (ii) update your contact information, and (iii) change how we process your information, including opt-out of sharing.

We may enable you to post information to certain parts of the Services, such as the Online Communities pursuant to the Terms of Use applicable to the Services. Information you disclose through any Online Communities may be publicly available. We urge you to exercise discretion and caution when deciding to disclose personal information, or any other information, through any Online Community. By using any Service, you agree to adhere to all applicable copyright laws.

A Service also may contain links to third-party websites and applications for your convenience and information. We do not control those third-party websites and applications or their privacy practices, which may differ from our own. You acknowledge and agree that we are not responsible for the collection and use of your information by third-party websites and applications that are not under our control, and that such information is not governed by this Privacy Notice.

How is your information secured?

We strive to maintain reasonable and appropriate administrative, technical, and physical safeguards designed to safeguard the information collected by the Services from loss, misuse, and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the information. However, since no information system can be 100% secure, we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to the Services over networks that we do not control, including the Internet and wireless networks.

You are responsible for limiting and controlling access to your devices and protecting your passwords as well as complying with the applicable terms of use. Note that when you create an account with a corporate email address, your information will be automatically disclosed to other members of that corporate email domain. Clients are responsible for managing access controls and giving access to their customer environments using Pega Services.

Where is this information processed?

Information collected through the Services will be processed using resources and servers located in any country where we have affiliates; and in any country where we engage sub-processors, including but not limited to Australia, Brazil, Canada, United Kingdom, Germany, Netherlands, Poland, India, Japan, Singapore and the United States. Therefore, your personal information may be transferred, processed and stored outside the country from where your information was collected by your use of or attendance on a Service. By using a Service, you consent to such transfer to, processing of and storage in, the United States and other countries.

International Transfers

By providing us with your information and confirming your consent, you agree to such transfer and/or processing. When we transfer your data outside of EEA, the UK or Switzerland we will implement appropriate safeguards to protect your data in a manner which provides a degree of protection similar to the EU (or UK or Switzerland as applicable). To achieve this (i) we put in place intercompany agreements incorporating Standard Contractual Clauses with our affiliates outside of the EEA, (ii) we rely on Standard Contractual Clauses or other lawful transfer mechanisms approved by the European Commission with our third-party providers outside of the EEA (or UK or Switzerland as applicable), (iii) we also adopted certain supplementary measures such as technical measures, including, where applicable, government access procedures, data minimization, encryption, enhanced access controls, or sharing with protected recipients and updated policies for reviews of data requests.

Pegasystems Inc. remains accountable for processing of the personal data in case of onward transfer.

Pegasystems Inc. complies with the EU-U.S. Data Privacy Framework (“EU-US DPF”), the UK Extension to the EU-U.S. DPF and the Swiss – U.S. Data Privacy Framework (“Swiss – U.S. DPF”) as set forth by the U.S. Department of Commerce. Pegasystems Inc. has certified to the U.S. Department of Commerce that we adhere to the EU – U.S., UK Extension to the EU-US DPF and Swiss – U.S. DPF Principles with regard to the processing of personal data received from the EU, the UK (and Gibraltar) and Switzerland in reliance (each to the extent applicable) on the EU – U.S., UK Extension to the EU-US DPF and Swiss – U.S. DPF.
If there is any conflict between the terms in this privacy notice and the EU-U.S., UK Extension to the EU-US DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles (each to the extent applicable) shall govern. To learn more about the Data Privacy Framework, and to view Pegasystems Inc.’s certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU – U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss U.S. DPF, Pegasystems Inc. commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union, the United Kingdom and Switzerland, as applicable, with inquiries or complaints regarding our privacy policy or EU-US DPF Principles the UK Extension to the EU-U.S. DPF and or the Swiss-US DPF should first contact [email protected]. We will respond to your inquiry promptly.
In compliance with the EU – U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss U.S. DPF Pegasystems Inc. commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs, the UK’s ICO or the Swiss FDPIC for more information or to file a complaint. Their services are provided at no cost to you.

If we transfer personal information received under the EU-US DPF, the UK Extension to the EU-U.S. DPF and or the Swiss-US DPF to a third party, the third party’s access, use, and disclosure of the personal data must also be in compliance with our EU-US DPF, the UK Extension to the EU-U.S. DPF and or Swiss-DPF obligations, and Pegasystems Inc. will remain liable under the EU-US DPF, the UK Extension to the EU-U.S. DPF and or the Swiss-US DPF for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage. Pegasystems Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under certain conditions, an individual can invoke binding arbitration. Pegasystems Inc. will disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

When we transfer data outside of other countries which provide for specific international transfer mechanisms or other governmental clauses, we will apply those as specified under the privacy laws and regulations.

Controller of Data

Data protection laws in certain jurisdictions differentiate between the “controller” and “processor” of personal data. In general, our Clients are the controller of Client Data and we are the processor of Client Data. For other personal data, for instance for business contact information, we may be the controller of such personal data. Pegasystems operates as a global company, and many different Pegasystems entities provide the Services in different parts of the world. For Client Data, the processor is the Pegasystems’ entity identified in the applicable data processing agreement. Our contact information for Clients is contained in the relevant Client Agreement.

For other personal data, Pegasystems Inc. is the controller, if applicable, and you may contact us at [email protected].

With reference to personal data regulated by Turkish privacy law – Pegasystems Ltd is the controller and may be contacted at [email protected].

Data Retention

We may retain other personal data in accordance with Pegasystems’ retention policies and applicable law for as long as necessary for the purposes described in this Privacy Notice. This may include keeping your personal data after you have deactivated your Pega account for the period of time needed for us to pursue legitimate business, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce our agreements.

We will retain Client Data in accordance with the applicable terms in the Client Agreement, and otherwise as notified to you. The Client may be able to customize its retention settings and apply those customized settings depending on the Pega product.

Your choices/Do Not Track

You may opt out of promotional emails by following the instructions in those emails or by managing your preferences as set forth below. You have the ability to access your Pega account and modify your Pega account information here. By going to our Preference Center you may also (i) manage what types of email you receive from us, (ii) update your contact information, and (iii) change how we process your information, including opt-out of sharing.

Cookies

As described in “What information we collect and receive”, we collect cookies on pega.com. You may set and change your cookie preferences by clicking on the Cookie Preferences link on www.pega.com. If you do not want the Services to collect information through the use of cookies, you can set your web browser to reject cookies from the Services. Each browser is different, so you should check your browser’s “Help” menu to learn how to change your cookie preferences. Blocking or rejecting cookies from the Services will impact your ability to use features and functionality of, and may prevent access to, the Services.

In certain states, including California, you may have the right to object to certain disclosures which may be considered “sharing” or “targeting” or request that we limit the use of your sensitive personal information by visiting this link: Your Privacy Rights and as otherwise set forth herein.

As you can control your preferences via the Preference Center and we honor the GPC signal (note that effectiveness of the latter may depend on using a specific browser), we will not respond to specific ‘Do Not Track’ requests.

Your rights

If you reside in certain states or in certain countries you may have one or more of the following rights available to you under data protection laws in relation to your personal data: the right to access, update, correct, receive, port, object, delete or restrict processing of your personal data. If you are located in the European Union, the UK or Switzerland you have the right to access your personal data, to rectify it, delete it, restrict or object to its processing and right to data portability.

Note that all these rights are subject to certain exceptions under applicable data privacy laws. To the extent applicable, these rights apply to consumers in countries and US States that have adopted privacy laws. Such states as of the date of this privacy notice are: California, Virginia, Colorado, Connecticut, Utah, Nevada, Delaware (starting January 1, 2025), Oregon (starting July 1, 2024), Texas (starting July 1, 2024), Montana (starting Oct. 1, 2024), Iowa (starting January 1, 2025), Tennessee (starting July 1, 2025), and Indiana (starting Jan. 1, 2026) (“US State Privacy Laws”). For more detailed information please refer to “US States” section.

• Right to know/Access – In certain jurisdictions, you have the right to request that we disclose certain information to you about our collection and use of your personal information. In California this includes the right to know what personal information we have collected, used, disclosed, and sold about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom Pegasystems discloses personal information, and the specific pieces of personal information Pegasystems has collected about you.
• To request access to your personal data that we have collected, used or disclosed please contact [email protected], or in states where this information can be requested by phone, by calling 1-617-866-6800.
• Update or Correct – It is your responsibility to maintain the accuracy of your data on your Pega account, including your correct email and organization affiliation. To update or correct your personal data, you can usually do this by updating your Pega account. If you already have a Pega account, click here. If you want to create a Pega account, click here. Otherwise, to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing please contact [email protected].
• Port – To request a copy of your personal data that we have collected in a commonly used and machine-readable format, please contact [email protected].
• Object – To object to processing or sharing of your personal data please contact [email protected]. In certain jurisdictions including California, you have the right object to certain disclosures which may be considered “sharing” by visiting this link: Your Privacy Rights and as otherwise set forth herein. Please note that clearing your cookies at any time will remove the signal of your selected privacy preferences.
• Delete or Restrict Processing – To delete or change how we process your personal data for marketing purposes, please go to our Preference Center and follow the instructions set forth therein. To request deletion of all your personal data from our databases or to restrict the processing of your personal information, please email [email protected].

If your personal data (including your sensitive data) is processed based on your consent, you may withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn.

To exercise any of the above-listed rights (with the exception of the right to lodge a complaint with a DPA, which you may do directly to a DPA), please follow the instructions above or contact us at [email protected]. We will process any requests in accordance with applicable laws and within a reasonable period of time (e.g., 30 days for certain requests under the General Data Protection Regulation). We may need to verify your identity and place of residence before processing your request.

We may take reasonable steps to authenticate your request and request information to verify you identity, considering the context of your request and your reasonable expectations. We may also reject your requests, where permitted by law or required to do so in accordance with applicable laws. Where we do not take the action requested, we will explain our reasons to you.

US States (including California CCPA)

CCPA

In this section, we provide additional information to California residents (as defined under the CCPA) about how we handle your personal information as required under CCPA.

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“CCPA personal information”).

We have collected and used the following categories of CCPA personal information in the past 12 months (from the last updated date outlined above):

1. identifiers, contact and other demographic and location information, including biometrics and cookies provided through Direct Interactions, automated interactions and publicly available data;
2. commercial information related to your transactions with us;
3. information related to your employment with us;
4. internet and other network activity information including device identification, IP address and geolocation within a certain distance and connection and usage data;
5. content that you generate or provide, such as audio or video or chat messaging or service messages, or messages by post, email or phone (as described in more detail above in this Privacy Notice;
6. other information you choose to provide us directly on our website or in connection with the use of our services.

For more detailed information see : “What information do we collect and receive?”; “How do we use this information?”; and “Reasons we disclose personal data”.

We collect personal data from the sources outlined in “What information do we collect and receive” above. For the business purposes for which we collect, receive, and disclose Personal Data, see “How do we use this information?” and “Reasons we disclose personal data” above.

In the previous 12 months, we have disclosed categories of CCPA personal information as outlined above for business purposes to the categories of recipients outlined under “What information do we collect and receive”, "How do we use this information” and “Reasons we disclose personal data”.

We do not sell (as traditionally defined) your personal information. However, like many other companies, we may disclose your personal information to our advertising companies for the purposes of cross-contextual advertising, which action may be considered sharing under CCPA. In California you have the right object to certain disclosures which may be considered “sharing” by visiting this link: Your Privacy Rights and as otherwise set forth herein.

Pegasystems may use sensitive personal information, as disclosed in “What information do we collect and receive”, “How do we use this information” and “Reasons we disclose personal data”. Pegasystems does not use or disclose sensitive personal information, as defined in applicable laws, for any purposes other than those permitted by applicable law.

For a description of how we handle the personal information of minors see “Children's’ information” below. We describe how we use and disclose your information in section “How do we use your information” and “Reasons we disclose your personal data”. We describe how we use search terms you enter on the Service in section “Automated Interactions.”

In addition to the rights outlined under “Your Rights” above, CCPA provides California residents with certain additional rights. California law permits California residents to request and obtain from us once a year, free of charge, a list of third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year. The CCPA allows California residents, upon a verifiable consumer request, to request that a business that collects their personal information to give them access, in a portable and (if technically feasible) readily usable form, to the specific pieces and categories of personal information that the business has collected about them, the categories of personal information that the business has “sold” or “shared” as defined under CCPA, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties to which the information was disclosed and whether or not it was “sold or “shared”. California residents also have the right to submit a request to limit the use of information (as defined under CCPA) for purposes other than those automatically permitted under CCPA, to correct inaccurate information, to request that we delete information under certain circumstances (subject to limitations in CCPA), to limit the processing of sensitive personal information, and to opt-out of automated processing.

You have the right to be notified of financial offers and their material terms and the right to opt out of such incentives.

Under California “Shine the Light” California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties direct marketing purposes.

In order to submit your request please contact us at [email protected] or call 1-617-866-6800. Consistent with CCPA, if you choose to exercise your rights, we won’t charge you different prices or provide different quality of services because you have exercised your rights.

You or your authorized agent, as defined under CCPA (with proof that such agent has been authorized on your behalf), can exercise your rights related to the use, transfer, correction, opting-out, limiting processing of sensitive personal information and disclosing your data under CCPA by providing sufficient information to validate your identity and describing your request in sufficient detail and using contact information given in section “Your rights”.

US State Privacy Laws (as defined above) in addition to California have the following general privacy rights and more specifically as noted for the states below:

• The right to confirm whether we process your personal information and/or access your personal information;
• The right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing;
• The right to delete personal information we have about you;
• The right to opt out of the processing of your personal information for purposes of targeted advertising, the sale of personal information, and/or profiling in furtherance of decisions that produce legal or similarly significant effects;
• The right to obtain a copy of personal information we have obtained about you in a portable and, to the extent technically feasible, readily usable format;
• If we deny your request, the right to appeal our decision.

Your Utah Privacy Rights (Starting December 31, 2023)

• The right to confirm whether we process your personal information and access your personal information;
• The right to delete personal information we have about you;
• The right to opt out of the processing of your personal information for purposes of targeted advertising and/or the sale of personal information;
• The right to obtain a copy of the personal information you have previously provided to us in a portable and, to the extent technically feasible, readily usable format;
• To submit any of the above requests, you may call us at 1-617-866-6800. or contact us at [email protected].

Your Nevada Privacy Rights

• The right to confirm whether we process your personal information and access your personal information;
• The right to review and request changes to your PII;
• The right to opt out of sale of your PII.

Your Iowa Privacy Rights (Starting January 1, 2025)

• The right to confirm whether we process your personal information and access your personal information;
• The right to delete
• The right to obtain a copy of the personal information you have previously provided to us in a portable and, to the extent technically feasible, readily usable format;
• The right to opt out of certain automated decision-making.

Your Delaware Privacy Rights (starting January 1, 2025)

• The right to confirm whether we process your personal information and/or access your personal information;
• The right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing;
• The right to delete personal information we have about you;
• The right to opt out of the processing of your personal information for purposes of targeted advertising, the sale of personal information, and/or profiling in furtherance of decisions that produce legal or similarly significant effects;
• The right to obtain a copy of personal information we have obtained about you in a portable and, to the extent technically feasible, readily usable format;
• The right to opt out of automated decision-making.
• If we deny your request, the right to appeal our decision.

To submit any of the above requests, you may call us at 1-617-866-6800 or contact us at [email protected]. By going to our Preference Center, you may also: (i) manage what types of email you receive from us, (ii) update your contact information, and (iii) change how we process your information, including opt out of sharing.

Children's information

The Services are not directed to, nor do we knowingly as a Controller collect information from, children under the age of 16. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us at the contact information listed below. For Client Data which may contain personal data of children under the age of 16, please refer to the section “How do we use this information?” on processing of Client Data.

Changes to this Privacy Notice

If we update this Privacy Notice, we will notify you by posting a new Privacy Notice on this page and updating the revision date at the top of this notice. If we make any revisions that materially change the ways in which we use or disclose the information previously collected from you through a Service, we will give you the opportunity to consent to such changes before applying them to that previously collected information.

In order for you to receive notification in a timely manner, it is recommended that you promptly notify us when your contact information is updated. We encourage you to visit this page from time to time to check for any updates or changes to this Privacy Notice.

Contact us

If you have any questions about this Privacy Notice or our use of your information collected through the Services, please contact [email protected]. Our address is Pegasystems Inc., One Main Street, Cambridge, MA 02142 Attn: Chief Compliance Officer.

We also provide you with the additional country – dedicated contacts:

• Brazil – Roberto Paes, Chief of Data Treatment for Brazil, Pegasystems Serviços de Software do Brasil Ltda email: [email protected]
• Singapore – Data Protection Officer for Singapore at [email protected]
• Turkey – Esin Attorney Partnership,Ebula Mardin Cad., Gül Sok. No. 2 Maya Park Tower 2 Akaltar-Beşiktaş 34335, Istanbul, email: [email protected].
• India (Grievance Officer) – Tribhuvan Yadav, Senior Manager, Application Development, IT. Email: [email protected]