Other Covered Entities

Decibel, Inc.
Strikedeck, Inc.
Zingle, Inc.


  • Information and Communications Technology
  • Software


EU-U.S. Privacy Shield Framework: Active

Original Certification Date: 7/27/2017
Next Certification Due Date: 2/29/2024
Data Collected: NON-HR

Swiss-U.S. Privacy Shield Framework: Active

Original Certification Date: 7/27/2017
Next Certification Due Date: 2/29/2024
Data Collected: NON-HR

Purpose of Data Collection

Medallia collects personal data of business contacts for purposes of providing information about our products and services to our customers, communicating with business partners, providing support, billing our customers, and conducting related tasks for legitimate business purposes. Medallia processes personal data on behalf of the customers of our SaaS platforms for the purposes of providing those platforms to our customers. Medallia uses a limited number of third party service providers and partners to assist us in providing our products and services to our customers. We may share the personal data of business contact with the providers of our business productivity software (such as email and teleconferencing platforms), consumer relationship management software, marketing and data enhancement software (including marketing communications automation platforms), help desk ticketing software, and billing and collections software in order to enable their respective business functions. If customers purchase Medallia products and services through our channel partners, such as distributors and resellers, we may provide the personal data of to such third parties to provide those customers with information about Medallia’s products and services. We may share personal data that is collected in our SaaS platforms (“EEA Customer Data”) with our subsidiaries, affiliates, partners and contractors who provide managed services and support for such platforms. We may also share EEA Customer Data with vendors to support our technical operations (including vendors who assist us with visitor analytics and SaaS event logging), assist with data transmission (including content delivery networks), and provide data storage. Depending on the technology integrations or features chosen by the customers who purchase our SaaS platforms, we may also provide EEA Customer Data to partners who provide such integrations or features (including, for example, interactive voice response, SMS, translation integrations, and screen capture features).

Privacy Policy

Non-HR Data


Medallia's notice of Privacy Shield certification

Effective Date: 4/20/2020

Verification Method


Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Medallia, Inc. at:

Medallia Privacy
Privacy Inbox
Medallia, Inc.
6220 Stoneridge Mall Rd Fl. 2
Pleasanton, California 94588

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Medallia, Inc. to your question or complaint, please contact the independent recourse mechanism listed below

Appropriate statutory body with jurisdiction to investigate any claims against Medallia, Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission