Privacy policy

Last updated: December 30, 2019

  • Introduction

    Privacy is important to Conga.

    We are providing this Privacy Notice (“Notice”) to help you understand what personal data we collect, why we collect it, and what we do with it. Personal information or personal data means information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, and online identifier or to one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural, or social identity.

    We strongly encourage you to read this Notice carefully and contact our Privacy Office if you have any questions about our privacy practices or your personal information choices. If you do not agree to this privacy notice, please do not provide us with your data.

  • When does this privacy notice apply?

    This Notice applies to AppExtremes, LLC dba Conga and its worldwide affiliates and subsidiaries including Conga EMEA Ltd., Conga APAC Pty Ltd., and Octiv, Inc., collectively “Conga” and describes Conga’s policies and procedures regarding the collection, use, and processing of data from, or through, our websites (“Websites”) and Services (“Services”).

  • What information do we collect and how?

    Our information collection practices are intended for interaction in the business environment.  The nature of the business relationship and how you interact with us determines the data collected about you. Conga collects data regarding its current customers (“Customers”), potential customers (“Prospects”) and website visitors (“Visitors”) or event attendees (“Attendees”). We collect this information to operate our business, provide information on our services, and manage our relationships.  You will voluntarily provide most of your Personal Information directly to us.  We will also obtain Personal Information from other sources or persons.

    An overview of the categories of information we collect is outlined below:

    • We collect information that you voluntarily provide, such as by subscribing to Conga marketing communications, registering for events, or providing testimonials for our use on our Websites or other promotional materials. Information you directly provide to us include your personal identification data (for example, name, surname) and contact information (phone, email, address, country). Additional transaction and billing information is also required when procuring Conga Services or registering for Conga fee-based events.
    • We collect information automatically when you visit our Websites our use our Services. This information may include things such as your Internet protocol (IP) address, browser type, internet service provider, referring/exit pages, operating system, date and time stamp and clickstream data.
    • We collect Personal Information about you or your business which is publicly available, for example on your employers’ website, public professional social networking sites, the press; and relevant electronic data sources.
    • We may also collect Personal Information provided to us by third parties where such information is authorized and provided to us in connection with the relevant purposes set out in this Notice.
  • Information processing on behalf of Conga customers

    Please note that information pertaining to other individuals and entities provided by our Customers during their use of Conga Services is not collected or used by Conga and remains under the ownership of Conga’s Customers. Conga processes Customer data under the direction of its Customers, and has no direct control or ownership of the personal data it processes. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the data to Conga for processing purposes.

  • How do we use collected information?

    We use information we collect to provide our Services and for general business-related activities in the following ways:

    • Services and support. We use the information collected above to operate, maintain, and provide Conga Services and support; for billing, account management, and other administrative matters such as communicating with you regarding updates to the Services.
    • Product development and analytics. We use pseudonymized, aggregate data, to research, analyze, or further improve and develop our Services.
    • Communications and advertising. We use your Personal Information to record your communication preferences as well as to manage our event planning, marketing, and advertisement activities. We may also use your information to contact you about relevant products, services, and educational events or materials that we believe may be of interest to you such as product announcements, demos, webinars, newsletters, voluntary surveys, research or contest participation and upcoming event details.
    • Legal and compliance obligations. We may use and retain personal information for auditing, legal, or compliance reasons. Such purposes include compliance with lawful requests and legal process, the protection of the rights and property of Conga and our Customers, verification of effective operation by internal and external audits, and the detection, prevention, and investigation of fraudulent activities.
  • On what lawful basis do we use information?

    If you are an individual from the European Economic Area (EEA), we may rely on different legal bases to process the information we collect, including:

    • Your consent. If we rely on your consent as a legal basis for processing your data, you may withdraw your consent at any time.
    • The necessity to establish a contractual relationship with you and to perform our obligations under a contract
    • The necessity for us to comply with legal obligations and to establish, exercise, or defend our self from legal claims
    • The necessity to pursue our legitimate interests, including:
      • To ensure that our networks and information are secure
      • To administer and generally conduct business
      • To prevent or investigate suspected or actual violations of law, breaches of a business customer contract, or non-compliance with Conga policies
      • To maintain your marketing interests, attendance, and contact preferences
      • To measure the effectiveness of our marketing activities and to try and ensure that you only receive material and information from us that you are likely to find of interest. You have the right to ask us not to process your Personal Information for marketing purposes – and can exercise the right at any time by sending us an email at [email protected], or clicking on ‘unsubscribe’ in a Conga marketing email
    • The necessity to respond to your requests;
    • The necessity to protect the vital interests of any person;
    • Any other legal basis anyhow permitted by local laws.
  • How do we share information?

    As a global business, we will share certain Personal Information with our global offices and select third parties, subject to appropriate safeguards. We may share your personal information with third-parties for the purposes of operating our business, delivering, improving, and customizing our Services, sending marketing and other communications related to our business, and for other legitimate purposes permitted by applicable law or otherwise with your consent. When we share personal information, we do so in accordance with data privacy and security requirements. We will never share, rent, or sell your information to third-parties except as noted below:

    • Affiliated Companies. We may share personal data with companies that are affiliated with us (for example companies that control, are controlled by, or are under common control with us). We may also share information that is collected between Websites that we, or our affiliates, control.
    • Service Providers. We engage third-party subprocessors and subcontractors to help us provide you with the Services, for instance, Amazon AWS (Cloud hosting and related services). We may also share data about Conga Visitors, Customers, and Attendees with our contracted service providers so that these service providers can provide services on our behalf. Refer to our Subprocessors page for an up-to-date listing of Conga services Subprocessors
    • Compliance with the Law. We may disclose your information if we believe it’s necessary to comply with the law, such as to comply with a subpoena, regulation or legal request, respond to a government request, to address fraud or security issues, to protect the safety of any person, to enforce our agreements with you; to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing or to protect our own rights or property. This includes sharing such information with our legal counsels.
    • Business Transfers. If Conga is involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be transferred as part of that transaction to a successor in interest and to the applicable legal authorities as well as legal counsels and other professional counsels involved such as accountants, and other officers of the government or of the applicable judiciary instance. Customers will be notified via email and/or prominent notice on our Web site for 30 days of any such change in ownership or control of your Personal Information.
    • Behavioral Advertisers. We may permit third-party behavioral advertisers to use technology to collect information about your use of our websites so that they can provide advertising about products and services tailored to your interest. That advertising may appear either on our website or on other websites.
    • Blog / Forum. Our Websites offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at [email protected] In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
    • Testimonials. From time to time, we may post testimonials on our Websites that may contain personal information. We obtain your consent to post your name along with your testimonial. If you wish to update or delete your testimonial, you can contact us at [email protected].
    • Links to Other Sites. Our Websites may contain links to other websites and the information practices and the content of such other websites are governed by the privacy statements of such other websites. We encourage you to review the privacy statements of any such other websites to understand their information practices.
  • When do we transfer information across borders?

    Conga is a U.S.-based global company. Conga affiliates, subsidiaries and their Websites and Services are available around the Globe. This means Personal Information may be processed in the country where it was collected as well as in other countries (including the United States) where laws regarding processing of Personal Information may be less stringent. In such cases, we have put in place organizational and legal measures to ensure that data transfers are lawfully conducted. Such measures include:

    Registered compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks; Data Processing Addendums or Agreements including the Standard Contractual Clauses as approved by the European Commission and incorporating stringent requirements of Article 28 of the EU General Data Protection Regulation 2016/679. Please find Conga’s DPA at the following link for your execution, if necessary:

  • Privacy Shield Frameworks

    Conga complies with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and/or Switzerland to the United States in reliance on Privacy Shield. Conga has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit and search for “AppExtremes, LLC dba Conga”.

    Conga is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third-party acting as an agent on its behalf. Conga complies with the Privacy Shield Principles for all onward transfers of personal data from the EU or Switzerland, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Conga is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Conga may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    In compliance with the Privacy Shield Principles, Conga commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Conga’s Privacy Office using the information in the How to Contact Us section below.

    Conga has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit for more information or to file a complaint. The services of JAMS are provided at no cost to you.

    Additionally, Conga commits to cooperate with the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner’s authority (as applicable) and comply with the advice given by such authorities with regard to human resources or other data transferred from the EU and Switzerland. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

  • How do we secure information?

    We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. If you have any questions about security on our Web site, you can contact us at [email protected].

  • How long do we keep information?

    Except as otherwise permitted or required by applicable law or regulatory requirements, we may retain your personal information only for as long as we believe it is necessary to fulfill the purposes for which the personal information was collected (including, for meeting any legal, accounting, or other reporting requirements or obligations).

  • Your rights as a data subject

    You may request to access, rectify, or update your inaccurate or out-of-date personal information by contacting our Privacy Office at [email protected]. If you are from certain territories (such as the EEA), you may have the right to exercise additional rights available to you under applicable laws, including; the right to request erasure of your personal information, restriction of processing as it applies to you, object to processing and the right to data portability. You may always object to the use of your personal information for direct marketing purposes or withdraw any consent previously granted for a specific purpose at no cost to you. You may also have the right to lodge a complaint with a supervisory authority.

    To update your email preferences please navigate to Conga’s Email Preference Center where you can amend your email subscription settings or unsubscribe.

  • How do we use cookies and other tracking?

    We use cookies on our website and in marketing emails to help us manage and improve our websites, your browsing experience, and the materials or information that we send to our Customers, Prospects, Visitors, and Attendees. For more information on Tracking Technologies, Cookies, Advertising, and Choices please visit our Cookie Policy.

  • Do we collect information from children?

    Our Services are not designed for and are not marketed to people under the age of 16 (“minors”). We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use our Services. Please contact our Privacy Office if you believe we might have information from or about a minor.

  • How to contact us

    To exercise your rights regarding your personal information, or if you have questions regarding this Privacy Statement or our privacy practices, you may contact us by completing this form, or by mail at any of the addresses listed below:

    Conga (global headquarters)
    1400 Fashion Island Blvd
    Suite 400
    San Mateo, CA 94404
    United States

    We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the appropriate supervisory authority.

  • When will this notice be updated?

    We invite you to regularly visit this Privacy Policy in order to acquaint yourself with the latest, updated version of the Privacy Policy, so that you may remain constantly informed on how collect and use Personal Data.

    If you have any questions or suggestions regarding our privacy policy, please contact us at [email protected] or via postal mail at P.O. Box 7839 Broomfield, CO 80020.