Veeva and Privacy

Updated: April 2, 2024
Veeva Systems is committed to maintaining a privacy program that is designed around trust, transparency and respecting your rights in your personal information. This privacy notice describes how we process personal information, including what information we collect, why we collect it, how we use it, how we may share it, and your controls over your personal information. Veeva Systems Inc. is the data controller for Veeva’s products and services.


This privacy notice describes the personal information that we process as part of:

  • Our websites where this privacy notice is provided,
  • Veeva-sponsored events and marketing activities,
  • Engaging with representatives of our customers, suppliers and prospective customers and suppliers, and
  • Our products.

Our Job Applicant Data Privacy Notice can be found by visiting careers.veeva.com.


Websites. When you visit our websites, we collect the following types of information.

Category of Information Description
Device & Usage We collect device and usage information such as cookie records, browser type, internet service provider (ISP), device IP address, operating systems and versions, advertising identifiers, device motion data, web beacons and clickstream data.
Registration When you create an account, respond to surveys, register for events, subscribe to publications, or engage in any similar activities through our websites, we collect information that you provide through that process, such as your name, email address, phone number, username and password, job title and survey responses.
Account Verification If you log into an account you’ve created with us, we collect your IP address, username and password, and other related information we need to verify you are the account owner, before allowing you to access that account.

Events and Marketing. When you register to attend a Veeva-sponsored event, such as a webinar, summit or forum, or subscribe to our publications and newsletters, we collect the following types of information about you.

Category of Information Description
Registration When you create an account, respond to surveys, register for events, subscribe to publications, or engage in any similar activities through our websites, we collect information that you provide through that process, such as your name, email address, phone number, username and password, job title, survey responses and profile photos.
Account Verification If you log into an account you’ve created with us, we collect your IP address, username and password, and other related information we need to verify you are the account owner, before allowing you to access that account.
Transactional If there is a fee for the event you have registered for, we will collect information that allows us to collect and process your payment which may include your bank account information or credit or debit card number.
Attendance When you attend a Veeva-sponsored event, we collect information about the events you attend and how you engage with us and other event sponsors during the event. We may also take video recordings and photographs during the event that may include your likeness.
Public Forums If you engage in our public forums, we collect information you provide such as your public posts.
Device & Usage When you attend an online event and access our publications and newsletters, we collect device and usage information such as cookie records, browser type, internet service provider (ISP), device IP address, operating systems and versions, advertising identifiers, device motion data, web beacons and clickstream data.
Travel Accommodations For in-person events, we may assist with your travel and hotel arrangements and in these cases, we collect information from you to enable us to provide this assistance such as airline and flight information, lodging and dates of travel. We do not collect precise geolocation information.

Representatives of Customers, Suppliers and Prospective Customers and Suppliers. If you are a representative of a Veeva customer, supplier or prospective customer or supplier, we collect the following types of information about you.

Category of Information Description
Professional Identity & Contact We collect information such as your name, email address, phone number, gender, membership in professional associations, unique identification number assigned to your profession (such as NPI and license number) and the name, size and location of the company you work for and your role within it.

Our Products.

As part of our data products, we collect the following types of personal information related to the professional identity of healthcare providers and other industry professionals and stakeholders.

Category of Information Description
Professional Identity & Contact We collect information such as your name, email address, phone number, gender, membership in professional associations, unique identification number assigned to your profession (such as NPI and license number) and the name, size and location of the company you work for and your role within it.
Professional Activity We collect information about your professional activity such as your specialty, educational background, references, contributions to events, participation in clinical trials, publications and publicly available collaborations between you and other professionals or companies in the life sciences industry context.
Professional Social Media We collect professional social media information such as hyperlinks to professional network sites, posted content, handles, tweets, hashtags, likes, followers and mentions.
Professional Images and Recordings We collect publicly available video recordings and photographs.
Inferences We collect inferences, such as your interests and engagement preferences, that may be drawn from the above identifiers.

We may combine your information with anonymised data files to help improve decisions on how to interact with you and other healthcare professionals.


Websites. When you visit our websites, we collect your information directly from you and indirectly from you by observing your actions on our website or from your devices. This includes collecting information using analytic tools and other tracking technologies. Please see our Cookie Notice for more information.

Events and Marketing. When you register to attend a Veeva-sponsored event or subscribe to our publications and newsletters, we collect your information from you when you register, as directed by you during the registration process, as you engage with us and as you participate in activities and forums we provide.

Representatives of Customers, Suppliers and Prospective Customers and Suppliers. If you are a representative of a Veeva customer, supplier or prospective customer or supplier, we collect your information directly from you, your employer, our customers and suppliers and from publicly available websites such as LinkedIn.

Our Products. As part of our data products, we collect personal information about healthcare providers and other industry professionals and stakeholders from publicly available sources including government and public records, association websites, institutional websites (hospitals, universities, medical facilities), medical databases and registries, and other online professional profiles and web sources related to your professional activity. We may also collect personal information directly from you, your employer and affiliates and our customers.


Websites. When you visit our websites, we collect your information to help us understand how you interact with us, to provide you with relevant information and services, and to help us to ensure our websites are working as designed. This includes processing personal information as necessary to analyse, improve and optimise the delivery and use of our websites and their security.

Events and Marketing. When you register to attend a Veeva-sponsored event or subscribe to our publications and newsletters, we collect your information to:

  • provide you with the experience and information you’ve registered for or subscribed to;
  • inform you of other events or information we believe you may be interested in;
  • analyse and improve our events and campaigns;
  • personalise your content and experiences; and
  • enable our suppliers, who are also participating in the Veeva-sponsored event, to contact you about their related products and services.

Representatives of Customers, Suppliers and Prospective Customers and Suppliers. If you are a representative of a Veeva customer, supplier or prospective customer or supplier, we collect information about you to allow us to provide you with information about us, the products, services and events we offer, and how we may work together.

Our Products. As part of our data products, we collect personal information about healthcare organisations, healthcare providers, and other industry professionals and stakeholders for the purpose of enabling our customers to provide up-to-date scientific and medical information or promotional materials to relevant organisations and individuals and to facilitate our customers’ understanding of and improving their communication with such organisations and individuals.

Automated Processing. We do not make decisions about you which have legal or similarly significant effects on you, based solely on the automated processing, including profiling, of your data.


Websites and Apps. The legal basis for processing internet protocol addresses is our legitimate interest in providing the Veeva website (Art. 6 Para. 1 lit. f GDPR or UK GDPR, as applicable). The legal basis for the processing of usage data is your consent (Art. 6 Para. 1 lit. a GDPR or UK GDPR, as applicable). If data is collected from you on the basis of consent, we will indicate whether the data in question is required or voluntary information.

Events and Marketing. The legal basis for processing our events and marketing information is that the processing is necessary for the performance of a contract with you or is otherwise processed with your consent (Art. 6 Para. 1 lit. a, b GDPR or UK GDPR, as applicable).

Our Products. In processing personal information as part of our data products, we base our activities on the legal basis of legitimate interest (under Art. 6 Para. 1 lit. f GDPR or UK GDPR). Our customers have a legitimate interest in communicating with healthcare providers and other professionals to improve therapy, patient care and drug development. Our legitimate interest is to provide information and insights to facilitate such communication.


We may share personal information internally and with our subsidiaries and third parties for the following purposes:

  • to support the purposes described in the section above entitled “Why We Collect Information and How We Use It”;
  • to enable third parties to provide services on our behalf;
  • to comply with applicable law, legal obligations and valid legal processes such as search warrants, subpoenas, or court orders;
  • as necessary to establish, exercise or defend against potential, threatened or actual litigation;
  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate or prevent fraud or other illegal activity;
  • in connection with a merger, sale or asset transfer; and
  • for additional purposes with your consent, where consent is required by law.

When we share your personal information, we will ensure it is used in a manner consistent with this privacy notice and we will take reasonable steps to ensure that we only share the minimum personal information necessary for the specific purpose and circumstance.

We may provide bulletin boards, blogs, or chat rooms on our websites. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums and may be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums.

We may post lists of customers and testimonials on our websites that contain information such as customer names and titles. We obtain the consent of each customer prior to posting any information on such a list or posting testimonials. To request removal of your personal information from our blog or forum or to have your testimonials removed, contact us at privacy@veeva.com.

Our Products.

As part of our data products, we also share personal information with pharmaceutical, biotechnology and medical device companies (the life sciences industry) to allow those companies to provide you with scientific information about their products and services and as required by applicable law.


Web Sites Covered

This privacy statement covers the information practices of the Web sites and Services that link to this Privacy Statement: *.veeva.com, veeva.com/eu, veeva.com/jp, veeva.com/cn, veeva.com/ap, veeva.com/br, veeva.com/la, alignbiopharma.org, alignclinicalcro.org, our Customer Support Portal (collectively referred to as “Veeva Systems Web sites”, “the Company’s Web sites”), our Veeva Vault Services Platform (“Veeva Vault” or “Services Platform”) at *.veevavault.com, and our Veeva Network product (“Veeva Network”) at *.veevanetwork.com. The use of information collected through Veeva Vault or Veeva Network shall be limited to the purpose of providing the service for which the Customer (i.e., life sciences company) has engaged Veeva Systems.

We use a service provider that powers and processes our Customer Support Portal data that is accessed through a link on the Veeva Systems Web site. Although this portal resides on the service provider’s URL, it is branded as Veeva and Veeva Systems’ Privacy Statement governs the collection and use of information collected on these pages. All pages branded as Veeva Systems on this portal have a link to this Privacy Statement.

The Company’s Web sites may contain links to other web sites. Veeva Systems is not responsible for the information practices or the content of such other web sites. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any web site you visit.

Our Web site also includes Social Media Features, such as the Facebook button and Widgets or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy statement of the company providing it.

Web Site Navigational Information

Veeva Systems uses commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as you navigate the Company’s Web sites (“Web Site Navigational Information”). This section describes the types of Web Site Navigational Information that may be collected on the Company’s Web sites and how this information may be used.

Cookies and Other Tracking Technologies

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. Technologies such as: cookies, beacons, tags and scripts are used by Veeva Systems and some of our business partners (e.g., our tracking utility company), affiliates, or analytics or service. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use session cookies to make it easier for you to navigate our site. A session ID cookie expires when you close your browser. Cookies enable us to track and target the interests of our users to enhance the experience on our site.

Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that some features of this site may not work as intended.

What cookies do we use?

We use the following categories on our websites and other online services:

Category 1 — Strictly Necessary Cookies

These cookies are essential to enable you to browse around our websites and use their features. Without these cookies, services including user account login and access to video content cannot be provided.

Category 2 — Preference Cookies

These cookies collect information about how you use our websites and remember choices you make while browsing. This data may be used to help optimize our websites and make them easier for you to navigate.

For instance, we may store your geographic location in a cookie to ensure that we show you our website localized for your area. We may also remember preferences such as text size, fonts, and other customizable site elements. They may also be used to keep track of what featured products or videos have been viewed to avoid repetition. The information these cookies collect will not personally identify you, and they cannot track your browsing activity on non-Veeva websites.

Category 3 — Statistics Cookies

These cookies help Veeva understand how visitors interact with our websites and help us improve our overall site experience.

Veeva primarily uses Matomo on our website to provide statistics and reporting on our website performance.

Category 4 — Marketing Cookies

These cookies are used to track visitors behavior on our site and potentially across non-Veeva websites. The intention is to display Veeva specific content and advertisements that are relevant and engaging for the individual user. The information these cookies collect will not personally identify you and is used to target content to users anonymously.

How to control cookies

You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

Web Beacons

Veeva Systems uses Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of the Company’s Web sites and interaction with emails from the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, Veeva may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to one of the Company’s Web sites. Veeva Systems uses Web beacons to operate and improve the Company’s Web sites and email communications.

Veeva Systems may use information from Web beacons in combination with data about Veeva Customers to provide you with information about the Company and services.

Log Files

As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you.

Local Storage

We use Local Storage (LS) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5.

Do Not Track

Currently, various browsers (such as Internet Explorer, Firefox, and Safari) offer a “do not track” or “DNT” option. Veeva Systems does not currently commit to responding to browsers’ DNT signals with respect to the Company’s Web sites, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. Veeva Systems takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.

Behavioral Targeting / Re-Targeting

We partner with a third party to either display advertising on our website or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.


Websites and Apps. We only keep the data for as long as it is necessary and relevant for the purposes described in this privacy notice. We retain the data for only two years (or as otherwise required by law).

Events and Marketing. We only keep the data for as long as it is necessary and relevant for the purposes described in this privacy notice.

Representatives of Customers, Suppliers and Prospective Customers and Suppliers. We retain your information for as long as your account is active, as needed to provide you services, and as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, or as otherwise reasonably necessary for our business purposes.

Our Products. As part of our data products, we keep the data for 10 years after it is no longer professionally relevant for the purposes described in this notice.


We offer you certain controls over your information. Under Art. 15-22 of the GDPR and UK GDPR (as applicable), you have the right to receive a copy of your information, to access, correct, and under certain circumstances, restrict or request deletion of your information from our database. You may also contact your data protection authority if you have any concerns about our protection of your personal information. If you choose to exercise your rights, we will respond to your request in accordance with applicable laws, which may vary depending on where you live. Any U.S. resident may opt out of the sale or sharing of their personal information within our consumer-based advertising products and services.

If you wish to exercise your privacy rights, click here or contact us at eudpo@veeva.com. In order to process your request, we require certain information about you. We will only use this information to verify your identity and facilitate the processing of your request. We may require you to provide proof of your identity. You may use an authorised agent to submit a request on your behalf. Your authorised agent must have your signed permission or power of attorney to submit a request on your behalf. There may be times when we are unable to fulfill your request; in those cases, we will let you know why we are unable to fulfill your request, subject to applicable law.

To opt out of our use of non-essential cookies, visit our Preference Center.

To unsubscribe from Veeva marketing emails, click on the “unsubscribe” link located on the bottom of the email. Please note that customers cannot opt out of receiving transactional emails related to the use of Veeva’s products and services.


Our websites and services are not designed for or directed at children, and we do not knowingly collect personal information from children under the age of 13. If you believe we may have mistakenly collected the personal information of a minor without appropriate consent, please contact us using the methods described in the “Contact Us” section and we will investigate and promptly address the issue.


We maintain a privacy and security program with technical, physical and organisational safeguards designed to protect against the wrongful access, use or disclosure of personal information, and to provide a level of security which we believe is appropriate to the risk our processing of your personal information poses to your privacy. We regularly review and modify our security measures to reflect changing technology, laws and regulations, risk, industry and security practices and other business needs. More information about our security program can be found here.


We are a global company. As a global company, we may transfer your personal information to various locations around the world for the purposes described in this privacy notice. We apply the protections and limitations described in this privacy notice regardless of where we process your personal information.

This includes the transfer of your personal data to countries whose level of data protection has been classified as adequate by the European Commission. (Further information can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

For data transfers to the U.S., Veeva Systems Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF (UK Extension), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the (i) EU-U.S. DPF Principles with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension, and (ii) Swiss-U.S. DPF Principles with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program and to view our certification visit the Data Privacy Framework Program website.

If you have questions or concerns regarding our handling of your personal information under the DPF or about our privacy program generally, please contact us at privacy@veeva.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. If neither process resolves your question or concern, you may be able to pursue binding arbitration; visit the Data Privacy Framework Program website for more information about how to submit a complaint.

The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF. We remain responsible for personal information that we transfer to third parties for processing on our behalf. We may be required to disclose personal information that we handle under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, as described in more detail by our Government Access Request Policy.

In addition, we ensure that transfers to third parties (such as our customers and service providers) are made under contractual provisions that require such third parties to protect and secure the data as required by applicable laws, which based on the third party, may include such third party’s transfer only to countries where the level of data protection has been determined to be adequate by the European Commission or executing additional contractual safeguards (e.g., EU-approved Standard Contractual Clauses).


Veeva’s Government Access Request Policy

This Government Access Request Policy describes how we respond to requests from governmental and other public authorities (collectively, “Government Authorities”) for access to Customer Data (as defined in our customer agreements) or other personal information (collectively, “Data”).

Validity. We do not voluntarily disclose Data to Government Authorities. We only disclose Data where there is a valid legal basis to do so (such as through a warrant, subpoena or court order). We review all requests on a case-by-case basis and in accordance with applicable law. If we determine there is a valid legal basis for the request, we comply by providing the least amount of Data necessary to respond to the request.

We never create backdoors in our products or services to allow Government Authorities to access Data.

Challenges. We challenge requests if we believe:

  • there is no valid legal basis for it,
  • the request is unlawful,
  • the request is unclear, overly broad or inappropriate, or
  • where compliance with the request would put us in potential breach of applicable laws in another country.

Notification. We notify our customers if a Government Authority requests their Data unless we are legally prohibited from doing so, in the event of an emergency (such as to prevent imminent death or serious physical harm to an individual) or in cases where we reasonably believe such notice would be counterproductive.

Transparency Report. We publish a report of requests we have received and our response to them. We update this report semi-annually.

    Type of Request Country of Origin of the Request Action Taken Year
    Subpoena US Fulfilled 2020
    Search Warrant US Fulfilled 2020

    Updated: April 2, 2024


The personal information that we process on behalf of and to provide products and services to our customers, including when customer representatives are users of our products and services, is subject to the terms and conditions of our customer agreements.

Where requested, we offer a Data Processing Addendum and Standard Contractual Clauses to enable our customers to comply with data protection laws applicable to our processing of personal information on their behalf. We process, transfer and maintain customer personal information strictly in accordance with our customer agreements and applicable law.

If you are interested in learning about our customers’ use of your personal information, we encourage you to contact the customer. We cooperate with our customers if they need our assistance in fulfilling requests from individuals to exercise their data privacy rights.

Information about our security program can be found here. A list of our support locations and of our sub-processors can be found here.


From time-to-time, we may change our privacy notice to reflect changing technology, laws, regulations, risk, industry and security practices and other business needs. The most up-to-date version will be found on this website; we post its effective date at the top. If we make a material update, we may notify you by posting notice on our website or by other means, consistent with applicable law.


If you wish to exercise your privacy rights, click here or contact us at eudpo@veeva.com.

If you have any questions about our privacy practices, you can contact our Chief Privacy Officer at privacy@veeva.com or our EU Data Protection Officer at eudpo@veeva.com. You can also write to our data controller, Veeva Systems Inc., or our various local representatives, at the addresses below:

Veeva Systems Inc.
Attention: EU Data Protection Officer
4280 Hacienda Drive
Pleasanton, CA 94588 USA

Local representatives of the data controller:

Germany
Veeva Systems GmbH
Attention: EU Data Protection Officer
Lindleystraße 12
60314 Frankfurt am Main

UK
Veeva Systems UK Ltd
Attention: EU Data Protection Officer
Building 5700, 2nd Floor
Spiers House, John Smith Drive
Oxford Business Park South
Oxford, OX4 2RW

Hungary
Veeva Systems Hungary Kft.
Attention: EU Data Protection Officer
Bécsi út 68-84, 1034
Budapest, Hungary

Turkey (data controller representative authorised to represent Veeva in the matters specified in the third paragraph of Article 11 of the Regulation on the Data Controllers’ Registry)
Gökçe Yönetim ve Danışmanlık A.Ş.
İzzet Paşa Mah. Abide-i Hürriyet Cad. Biz Cevahir İş Merkezi No: 158 İç Kapı No: 2
Şişli / İstanbul / Türkiye

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.