V1.2023
10 THINGS TO KNOW
ABOUT THE CONTENTSQUARE SOLUTION’S DATA PROCESSING
1. WE COLLECT LIMITED PERSONAL DATA AND TECHNICAL DATA. By default, the Contentsquare solution processes from visitors of its customers’ website/apps, the following:
- Personal Data. IP addresses (website only); Online Unique ID; Behavioral Data (e.g. how visitors interacted with the website or app, mouse or touch movements, scrolls, mouse clicks, screen taps or zoom data, time of engagement, etc.); and, only to the minimum extent necessary, additional types of personal data as may be specifically requested by the customer or incorporated as part of a specific ordered service; and
- Technical Data. Which may include pages of a website or app visited, type of computer operating system, type of web browser, JS/API error messages, other backend technical data, etc.
2. IP ADDRESS USAGE AND RETENTION (website only). By default, IP address is stored in Contentsquare system for a short period of time (no longer than 3 days)*. Following such period, IP address is deleted. By default, we use IP address only for:
- GEO location down to the city level by using an external repository matching the IP address and the city ;
- Blacklist any unwanted IP addresses (per request by the customer);
- Log for system troubleshooting purposes.
*Only upon customer request, (i) Contentsquare can provide an IP-less solution which will prevent the processing of the visitor IP address, and (ii) IP address may be stored for additional periods of time and used for additional purposes.
3. COOKIES. The Contentsquare solution is designed to use 1st party cookies, with expiration of no more than 13 months. See current list of cookies used by the Contentsquare solution at: https://docs.contentsquare.com/en/web/cookies/
Our Cookieless solution, if enabled by the customer, replaces cookie technology with SessionStorage technology (which expires at the end of the session). For more information, see contentsquare.com/privacy-center/audience-measurement-exemption/. For our CS for Apps solution, Online Unique ID is collected and used in customer’s native apps only and stored on device no more than 13 months.
4. DATA RETENTION. By default, personal data is kept for up to 13 months, available for customer’s use in accordance with the applicable data availability term purchased by the customer under the Order Form. This may be extended upon request. Personal data can be deleted at any time per customer request.
5. SUB-PROCESSORS AND DATA TRANSFER. As an essential part of our services we use sub-processors that will have access to the data processed. See current list of sub-processors at: contentsquare.com/privacy-center/subprocessors/. Unless otherwise instructed by the customer, location of data storage is determined by the customer’s location - meaning that our EU customer's data is stored in the EU and our US customer's data is stored in the US. Our customer's data may also be accessed from locations outside such storage space by our sub-processors in order to provide the services.
6. PROCESSING. Contentsquare processes personal data solely as agreed under the applicable agreement with the customer. Customers’ personal data is not used for any other purpose without the customer’s consent. Contentsquare does not sell customers’ personal data. Contentsquare does not track visitors outside of its customers’ websites/apps.
7. SECURITY. All personal data is encrypted via TLS in-transit and AES-256 while at-rest. Contentsquare maintains ISO 27001/27701 certification, as well as undergoes audits for SOC 2 Type 2 compliance, offering to our clients an extensive variety of security measures to allow secure processing of the personal data by the Contentsquare solution. For more information, please see our trust portal at security.contentsquare.com.
8. DATA SUBJECT REQUESTS. We allow our customers and provide assistance in their efforts, to comply and respond to any Data Subject Requests (DSR) relating to the personal data processed by the Contentsquare solution, such as deletion of personal data. See our Data Subject Request Portal at: contentsquare.com/privacy-center/data-subject-request-portal/.
9. DATA MINIMIZATION. The Contentsquare solution processes only the minimum amount of personal data required to provide our customers with the ordered services. To such end, we provide our customers with tools and abilities to identify and block any unnecessary personal data from being transferred to Contentsquare.
10. DATA PURGE. Contentsquare has implemented tools and internal processes, managed and lead 24/7 by Contentsquare’s dedicated and trained support team, for the purpose of handling any privacy related events, and the timely provision of internal and external notifications and the purge of any excess personal data from our system, as needed.
****************
Contentsquare employs, as part of its Digital Trust team, dedicated certified experts monitoring changes in privacy regulations on an on-going basis, assessing Contentsquare’s compliance with such changes, and updating any and all that needs to be updated, in order for Contentsquare to maintain its compliance with all applicable laws. For additional information or clarifications, please contact privacy@contentsquare.com, or refer to our privacy page and policies at contentsquare.com/privacy-center/. The information provided on this page does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this page are for general informational purposes only. Nothing in this page contradicts or supersedes our privacy policies available at the link above, or any Data Processing Agreement agreed by the parties.