Contentsquare Website Privacy Policy
1. Introduction
This Website privacy policy (“Website Privacy Policy”) provides information on the collection, storage, use, sharing, disclosure and transfer (“Processing”) by the Contentsquare group of companies (“Contentsquare”, “we”, “our”, or “us”) in connection with visitors (“Visitors” or “you”) of the Contentsquare websites that refer or link to this Privacy Policy (collectively - “Sites”). It also provides you with information about your privacy rights in relation to such Processing of your Personal Data.
As used in this Privacy Policy, “Personal Data” means information that relates to an identified individual or to an identifiable individual, as defined under applicable data protection laws.
2. Scope of the Website Privacy Policy
This Privacy Policy applies to the Processing of Visitors’ Personal Data in relation with our Sites only. The other Processing activities performed by Contentsquare in relation with our products, customers, employees and job applicants are governed by separate Privacy Policies. For more information on such Processing of Personal Data please visit this link.
3. Who is responsible for processing your personal data?
Data Controller’s identity and contact details
Contentsquare is responsible for processing your Personal Data.
Contentsquare develops and provides customer experience analytics services. Such services allow our customers to recreate a web or app session showing their website and app visitors’ interactions on their website or mobile app, to gain meaningful insights into such interactions, and use them to create exceptional experiences.See the list of Contentsquare entities, the registered address and contact details for each entity here.For the purpose of such Personal Data Processing activities identified under this Privacy Policy, Contentsquare is deemed Data Controller or Business, as such are defined under applicable data protection law.
Controller’s representative
Content Square SAS has been designated as Contentsquare’s representative in the European Union for data protection matters pursuant to Article 27 of the General Data Protection Regulation (“GDPR”).
Data Protection Officer and contact details
Contentsquare has appointed data protection officers (“DPO”) to oversee the protection of your Personal Data. If you have any questions about this Privacy policy or about our data protection practices, you can contact our DPOs at:
Global DPO: Content Square SAS, Attn: Global DPO, 7 rue de Madrid 75008 Paris, France.
APAC DPO: Contentsquare Japan G.K., Attn: APAC DPO, Marunouchi Kitaguchi Building 9F Wework 1-6-5 Marunouchi Chiyoda-ku Tokyo 100-0005, Japan.
Each of our DPOs may be reached via email at the below link:Contact Us
4. Which Personal Data do we process about you and how?
Contentsquare collects and processes Personal Data that directly identify you (e.g. name, email, contact details, etc.) and that indirectly identify you (e.g. unique identifiers, behavioral data, etc.), from various sources.
We collect and process Personal Data about you from the following sources:
When you provide such personal data directly to us
When you request information, contact us, or give us feedback via our Websites, we collect the following categories of Personal Data about you:
Category of Personal Data | Examples of Personal Data |
---|---|
Identification and contact data | First and last name, email address, and telephone number |
Professional or Employment-Related Data | Job position, workplace, and industry |
Any other Personal Data you voluntarily choose to provide | Personal Data in request or feedback you send us |
When you provide such personal data indirectly to us
We may collect Personal Data about you with the help of third parties. For more information about this Processing, please refer to our Services Privacy Policy.
When you use our Sites and such personal data is collected automatically
When you visit or interact with our Sites, we may collect or generate through cookies the following categories of Personal Data about you:
Category of Personal Data | Examples of Personal Data |
---|---|
Unique identifiers | IP address, cookie IDs, device IDs, web beacons, pixels, and other similar technologies (as described in our "Cookies Policy") |
Device and technical data | Domain server, type of device/operating system/browser used to access the Sites, local and language settings; session logging, heatmaps and scrolls; screen resolution, ISP, referring or exit pages; and date and time of your visit. |
Digital behavioral data | Web page interactions (clicks, browsing, zooms and other interactions), referring web page/source through which you accessed the Sites, and statistics associated with the interaction between device or browser and the Sites. |
5. Why do we use your Personal Data?
We process your Personal Data for various purposes including to administer our Sites, to develop and improve the performance of our Sites, respond to your request for our legitimate interest and to respond to a request from a regulator or to defend a legal claim in order to comply with applicable laws.
Below you will find a summary of the purposes for which we process your Personal Data with the legal basis for this processing:
Purpose of processing | Legal basis |
---|---|
Administer and protect our Sites, prevent and to investigate fraud and other misuses | Legitimate interest and compliance with a legal obligation |
Analyze, develop, improve, and optimize the use, function and performance of our Sites, such as accessibility needs flagged by certain behaviors like page zoom and text highlighting | Consent or legitimate interest |
Communicate with you and to inform you of Contentsquare’s products, services and events (collectively - “Marketing Communications”) as further described in the Services Privacy Policy | Legitimate interest |
Customize or personalize your experience | Compliance with a legal obligation |
Fulfill your requests and respond to your inquiries, such as to send a requested report | Pre-contract |
Protect the rights, safety, property, or operations of Contentsquare, you, or others | Compliance with a legal obligation |
Respond to privacy requests, or to requests or communications from regulators, law enforcement authorities, other government officials request or your data subject requests | Compliance with a legal obligation |
Resolve disputes and defend a legal claim | Compliance with a legal obligation |
6. How long do we keep your Personal Data?
Your Personal Data will be stored by us and our service providers in accordance with applicable data protection laws and data protection authorities guidelines to the extent necessary for the processing purposes set out in this Website Privacy Policy. Subsequently, we will delete your personal data in accordance with our Data Retention, Archiving and Disposal Policy or take steps to properly render the Personal Data anonymous, unless we are legally obliged to keep your personal data longer (e.g. for legal compliance, tax, accounting or auditing purposes).
Below you will find a summary of the data retention related to each purpose of processing:
Purpose of processing | Data retention |
---|---|
Administer and protect our Sites, prevent and to investigate fraud and other misuses | For the time necessary to administer and protect our Sites and then archived as required by applicable law or regulation |
Customize or personalize your experience | 13 months |
Fulfill your requests and respond to your inquiries, such as to send a requested report | 2 years from the request |
Communicate with you and to inform you of Marketing Communications | 2 years from your last contact or as soon as you request that we stop contact you for this purpose |
Analyze, develop, improve and optimize the use, function and performance of our Sites, such as accessibility needs flagged by certain behaviors like page zoom and text highlighting Customize or personalize your experience | 13 months |
Protect the rights, safety, property, or operations of Contentsquare, you, or others | As required by applicable law or regulation |
Respond to your data protection requests and requests or communications from law enforcement authorities or other government officials | For the time necessary to respond to the request or communication and then archived as required by applicable law or regulation |
Resolve disputes and defend a legal claim | In case of a dispute, until the settlement of the dispute ; in case of a legal claim, for the duration of the proceedings and until the ordinary and extraordinary means of recourse are exhausted with regard to the decision rendered. |
7. When and to whom we share your Personal Data?
Your Personal Data is shared for business and commercial purposes throughout Contentsquare and with third parties such as service providers, and, upon request and in line with our Public Authorities Access Request Policy, with government, judicial and law enforcement entities.
In connection with one or more of the purposes outlined in the Section 4 above, we may disclose your personal data to:
Contentsquare subsidiaries and affiliated companies
We may share, disclose and transfer your Personal Data with our current (consult the list here) and future subsidiaries and affiliated companies for all purposes mentioned in Section 5 above.
Service providers
We may share your personal data to third parties (including our affiliates) to perform services complementary to our own, namely - hosting, data analytics, consulting, development, support, marketing and advertising, data and cyber security. Our service providers may perform the services on our behalf, under our instructions, in accordance with our agreement and in compliance with appropriate technical and organizational security measures to protect your personal data.Please see here for the current list of service providers used by Contentsquare as processors.
Other third parties
We may disclose your personal data to third parties, including government authorities or public authorities, courts, intergovernmental or supranational bodies for legal processes or protection of life and safety where we believe that access, use, preservation, or disclosure of the information is reasonably necessary, including:
To comply with laws, regulations, legal process or to respond to lawful requests;
To enforce or apply our agreements;
To protect the rights, interests, property, or safety of Contentsquare, our customers, you and others;
In connection with claims, disputes, or litigation;
To protect you and others from fraudulent, abusive, or unlawful use of the Sites, and other fraudulent activity.
Such disclosure or access may occur if we believe in good faith that we are legally compelled to do so, or that it is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.
8. How do we transfer your Personal Data globally?
Your Personal Data may be accessed, processed and stored in other countries in which Contentsquare has operations, including countries outside of the European Economic Area (EEA).
Contentsquare has implemented safeguards to ensure an adequate level of data protection where your personal data is transferred to countries outside the EEA, such as:
the recipient country has an adequacy decision from the European Commission;
the European Commission’s Standard Contractual Clauses for the transfer of personal data.
To see in detail the countries where your Personal Data may be transferred, please click here.
9. How do we secure your Personal Data?
In order to protect your Personal Data held with us and our service providers, we use industry-standard physical, procedural and electronic security measures, which can be consulted here. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any personal data stored with us or with any third parties as described in Section 7 above.
10. What are your privacy rights and how to exercise them?
You may have rights over the Personal Data we process about you, such as choosing to object to, restrict our use of, delete, change, correct or access your Personal Data - which you may exercise by filling out our Data Subject Request Form.
Depending on the data protection laws of the country in which you reside, and the legal basis that we used to process your Personal Data, you may have multiple privacy rights in respect of the Personal Data we process about you:
request confirmation that we are processing your personal data;
request a copy of personal data we hold about you;
request that we update personal data we hold about you or correct such data that is inaccurate or incomplete;
restrict the way in which we use your personal data (e.g., if we have no legal right to keep using it) or limit our use of your personal data (e.g., if your personal data is inaccurate or unlawfully held);
object to our processing of your personal data relating on grounds to your particular situation or if your personal data is processed by us for direct marketing purposes, object at any time to the processing of your personal data for such marketing;
withdraw the consent that you have given us to process your personal data (where we process your personal data on the basis of your consent);
request that we delete the personal data we hold about you; and
lodge a complaint with the relevant data protection authority regarding our processing of your personal data.
Please consult your local data protection authority to find out what data protection rights apply to you. We assess every request received based on the jurisdiction in which you are based.If you want to exercise one or more of the rights mentioned above, you can submit your request using our Data Subject Request Form. Please note that as part of your data subject request, we may require additional information and documents, including personal data, in order to authenticate and validate your identity and to process your request. Such additional data will be then retained by us for legal purposes (e.g. as proof of the identity of the person submitting the request), in accordance with Section 5 above.
11. Children’s Privacy
Our Website is not designed to attract children under the age of 16. We do not knowingly collect Personal Data from children and do not wish to do so. If we learn that a person under the age of 16 is using our Website, we will prohibit and attempt to block such use and will make reasonable efforts to promptly delete any Personal Data stored with us with regard to such child. If you believe that we might have any such data, please contact us via our Data Subject Request Portal here.
12. How to contact us?
If you have any comments or questions about this Website Privacy Policy or our privacy practices, please contact us via the link below. You can also contact our DPOs at:
Global DPO: Content Square SAS, Attn: Global DPO, 7 rue de Madrid 75008 Paris, France.
APAC DPO: Contentsquare Japan G.K., Attn: APAC DPO, Marunouchi Kitaguchi Building 9F Wework 1-6-5 Marunouchi Chiyoda-ku Tokyo 100-0005, Japan.
Each of our DPOs may also be reached via email at the link: Contact Us
13. Updates and Amendments to this Website Privacy Policy
We may update and amend this Website Privacy Policy from time to time. The “Effective Date” at the top of this webpage mentions when this Website Privacy Policy was last revised. Any changes will become effective when we post a revised version of this Website Privacy Policy on these Sites. Your use of our Sites is subject to the terms in the version of this Privacy Statement that is posted on this Site at the time of your visit. We encourage you to review this Privacy Statement periodically to remain informed about how we are protecting your data.
14. External Links
While our Site may contain links to other websites or services, we are not responsible for their privacy practices, and encourage you to pay attention when you leave our Sites for the website or application of such third parties and to read the privacy policies of each and every website or service you visit. This Website Privacy Policy applies only to our Sites.
15. Trans-Atlantic Data Privacy Framework Notice
Contentsquare’s entities which are based in the United States of America (Content Square, Inc. Clicktale Inc., and Heap Inc.) (together “the US CS entities”) have self-certified with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (together, the “Data Privacy Framework”), where such participation is listed at this link, with respect to the Personal Data of individuals residing in the EU, United Kingdom, and Switzerland that the US CS entities process for the purposes identified above in this policy, including any such data processed on behalf of any of their affiliated companies of the Contentsquare group of companies.
The US CS entities commit to process Personal Data received from the EU, United Kingdom, and Switzerland in accordance with the Data Privacy Framework Principles, including the Supplemental Principles (collectively, the “Principles”) as set forth by the US Department of Commerce concerning the processing of Personal Data.
If there is any conflict between this Website Privacy Policy and the Principles, the Principles shall govern. To learn more about the Data Privacy Framework, please visit this webpage.
Independent Dispute Resolution
To address inquiries or resolve complaints about our processing of Personal Data, residents of the EU, United Kingdom, or Switzerland should first contact Contentsquare via e-mail to privacy[at]contentsquare.com.
The US CS entities have further committed to refer unresolved privacy complaints under the Data Privacy Framework to the American Arbitration Association’s International Centre for Dispute Resolution (“ICDR-AAA”), a non-profit alternative dispute resolution provider located in the United States to assist with the complaint resolution process. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://go.adr.org/dpf_irm.html for more information and to file a complaint. The services of ICDR-AAA are provided at no cost to you.
Enforcement
The US CS entities are subject to the investigatory and enforcement powers of the Federal Trade Commission (the “FTC”) to ensure our compliance with the Data Privacy Framework as outlined in this Website Privacy Policy.
Arbitration
You may be entitled, under certain conditions as described in the Principles, to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Lawful Access Requests
The US CS entities may be required to disclose Personal Data in response to lawful access requests from public authorities, or to comply with national security or law enforcement requirements. Any such disclosure is made in accordance with our Public Authorities Access Request Policy, available at this link.
Onward Transfers of Personal Data
The US CS entities remain responsible to you, as well as potentially liable to you under the conditions set forth in the Principles, for the processing of Personal Data received under the Data Privacy Framework and subsequently transferred to the third parties identified above.