CONTENTSQUARE AND GDPR

The GDPR is a new EU privacy law that came into effect on May 25, 2018.  The intention of the GDPR is to harmonize and strengthen data privacy laws across Europe and provide individuals in the EU with expanded privacy rights while increasing the obligations of organizations that collect and process personal data.

Who does it apply to?

The GDPR is far reaching applying to any organization - even non-EU based organizations - that offer goods or services in the EU or that monitor the behavior of individuals in the EU.

Therefore, if you market your products in the EU or monitor the behaviors of any individuals in the EU you will be subject to the GDPR.

What does the GDPR mean for your business?

The GDPR imposes a wide range of obligations on both data controllers and data processors that process personal data. These obligations start with establishing a lawful basis for collection of personal data and continue with the need to assess risks, document data processing practices and securing data.  Companies will need to work with their legal team to ensure compliance with the GDPR.  Contentsquare is here to help its customers with their compliance needs.

What information does the GDPR apply to?

The GDPR applies to personal data where personal data has been defined very broadly including online identifiers such as IP address and cookie identifiers. This means that even if you don’t collect information that is clearly personal data such as person’s name or address you may still be subject to the GDPR.  Organizations must take steps to understand what data they are collecting as well as how that data is being accesses, stored and used to ensure compliance with the GDPR.

What do Contentsquare customers need to do as a Data Controllers?

When using Contentsquare, as a data controller you will have certain responsibilities under the GDPR.  Such responsibilities include being transparent with your users and providing them appropriate notice of your privacy practices.  You will need to work with your legal teams to determine the legal basis under which you are collecting and using personal data – which may include, where necessary obtaining consent.  You will also need to have procedures in place to comply with the expanded individual rights provided under the GDPR including the right to object to processing, to be deleted, to have data exported and the right to access data.  Contentsquare will support you in your obligations to comply with any such individual rights requests.

What is Contentsquare doing as a Data Processor?

Contentsquare in its capacity as a Data Processor for its customers acts on behalf of the customers and will process personal data only in accordance with customer instructions as defined in the agreement between Contentsquare and customer. Contentsquare is committed to maintaining a high level of security over the data and having appropriate processes in place to ensure compliance with notification requirements under the GDPR as well as with customer requests in connection with any individual rights requests.  You may contact privacy@contentsquare.com at any time with any questions or DSR@contentsquare.com for any Data Subject Requests.

Can we block Personal Data from being collected when using Contentsquare?

Contentsquare provides various tools to enable its customers to block information from being collected through the Contentsquare service.  Contentsquare also implements, by default, certain safeguards to ensure certain data is not collected.  By way of example, by default Contentsquare does not collect the value of any keystrokes typed by a visitor on your website.  Furthermore, Contentsquare will block all other information within your page that you identify as personal information using Contentsquare’s tools.  Contentsquare does however utilize a cookie identifier to provide the service and does initially obtain an IP address.

Does Contentsquare have a Data Processing Agreement that we can execute?

Yes. Contentsquare has a specific Data Processing Agreement intended to cover all terms as required under the GDPR.  If you do not already have an updated Data Processing Agreement in place with Contentsquare we urge you to sign the Data Processing Agreement provided on our Data & Privacy webpage and return it to privacy@contentsquare.com.