Introduction 

Contentsquare Group values adapting its products and services, as well as its internal activities to the constantly evolving global privacy landscape. 

Capitalized terms used in this page shall have the meaning assigned to them in the DPA (here) and MSA (here).

In recent years, several landmark data protection laws came into force around the world, including the European General Data Protection Regulation (“GDPR”) in 2018,  setting a new global standard for privacy. The California Consumer Privacy Act (“CCPA”) followed in the United States in 2020, with its amendment, the California Privacy Rights Act (“CPRA”), taking effect in January 2023. 

In addition, some existing privacy laws have been significantly updated  to enhance data protection in the concerned countries, such as the latest amendments to the Japanese Act on the Protection of Personal Information (“APPI”), and to the Australian Privacy Act that came into effect respectively in 2022 and 2024. Singapore’s Personal Data Protection Act (“PDPA”) was also amended in 2020.

This page is dedicated to providing you with information about Contentsquare Group’s compliance status and efforts concerning applicable data protection laws, including those mentioned above, as we continue to follow the legislative and regulatory developments coming from all around the world.

Contentsquare’s commitment

We at Contentsquare are committed to ensuring the protection of data of every individual we process, including but not limited to our customers, prospects, vendors, job applicants, and employees, and to providing a proactive approach to our data protection and privacy compliance practices. In this regard, we have implemented a robust and effective global privacy compliance program to promote transparency around our practices, build trust with our customers, prospects, vendors, job applicants, and employees, but also for our customers to continue using Contentsquare products and services without concern.

Global privacy commitments

Here is an overview of what we have achieved at Contentsquare as part of our global privacy compliance program:

• Audit: we monitor Contentsquare Group’s compliance on an ongoing basis and perform formal audits of the effectiveness of the program with accredited third-party on an annual basis; our audit reports and certifications are available for download via our Trust Portal.

• Compliance certification: we are ISO 27001 and ISO 27701 certified for both Data Controller and Data Processor qualifications, a recognized global standard for security and privacy management;

• Consent: where our Customers are required by Applicable Laws to obtain Visitors’ consent of their website or app to process their personal data, our tag can connect to their Consent Management Platform (CMP) to read the Visitor’s preferences and act accordingly regarding the collection of its personal data.

• Data Processing Agreement: we ensure that a Data Processing Agreement ("DPA") is signed with all Customers and Vendors. This agreement includes the required privacy obligations and states that we process Customer Personal Data in accordance with Customers’ instructions.

• Data Protection Officer: Contentsquare appointed a Global DPO to oversee our compliance program; 

• Data Subject Requests: we maintain an accurate Record of Data Subject Requests made pursuant to applicable data protection laws and how we responded to such requests;

• Data Subject Rights: we maintain a formal process and policy, highlighted by our Data Subject Request Portal, to ensure that we fulfill Data Subjects Requests we receive within the applicable legal deadlines to fullest extent required, as well as to provide the necessary assistance to our Customers and to authorities seeking records of requests we’ve received;

• International Data Transfers: we use appropriate mechanisms and supplementary measures to ensure safe and trusted transfer of personal data to third countries (including EU/UK Standard Contractual Clauses, adequacy decisions, consent) and conduct Data Transfer Impact Assessment where needed. More information on Contentsquare’s commitment around international data transfers can be found here;

• Privacy by Design & by Default: we constantly ensure that data protection principles are embedded in our product; 

• Privacy Center: we keep customers up-to-date about our privacy practices in a dedicated section of our website;

• Privacy Policies: we clearly inform customers, prospects, vendors, and job applicants and employees about how we use their personal data, and clearly give information about how they can exercise their data subject rights through our Privacy Policies;

• Policies and procedures: we created and maintain policies and procedures that ensure Contentsquare is complying with applicable laws and regulations on an ongoing basis (such as our Data Retention Policy, Consent Policy, Privacy Impact Assessment Policy…);

• Record of data processing activities: we maintain a record of data processing activities across the Contentsquare Group both as Controller and Processor;

• Security Incident Notification: we implemented a procedure to notify the relevant Data Protection Authority in our role as a Controller, and commit to notify our Customers, in our role as a Processor, without undue delay (but no later than 48 hours) after becoming aware of a security incident involving the Personal Data we process on their behalf (or, with respect to CCPA, involving the personal information of California residents);

• Security Measures: we implemented and maintain appropriate and robust security measures to ensure any Personal Data we process is protected (more information on this topic can be found at our Trust Portal;

• Sub-Processors: Contentsquare has entered into written contracts with each of its Sub-Processors (or “Subcontractors” as such term is defined under the CCPA) that include terms substantially similar to the DPAs we sign with our Customers. Contentsquare conducts appropriate due diligence on each of its Sub-Processors before they process any personal data;

• Training and awareness: we provide our employees with privacy training during their initial onboarding steps as well as annually.

We constantly continue to monitor our compliance program around upcoming data protection laws and will adjust accordingly where applicable to us. 

In addition to the above commitments, Contentsquare also has implemented region-specific requirements as required under local laws and regulations:

EU & UK: GDPR commitment

In addition to each of our global privacy commitments mentioned above, with unique respect to the GDPR and UK GDPR:

• Transfers outside the EU/UK: Contentsquare Group entered into the  Standard Contractual Clauses (“SCCs”) issued by the European Commission in June 2021 with its Sub-Processors located outside of the EU/UK to safeguard international data transfers. ;

• Trans-Atlantic Data Privacy Framework certified: Contentsquare’s US affiliates have self-certified under the EU-US Data Privacy Framework (“DPF”), UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework, which permits them to process EU, UK, and Swiss personal data without any further safeguard being necessary. You can find our Notice posted here and our certification listed here. In case of invalidation of the DPF in the future, Contentsquare will rely on the SCCs as a transfer mechanism and there will be no gap in protection for EU data processed by Contentsquare Group.

California (USA): CCPA specific commitment

In addition to each of our global privacy commitments mentioned above, with unique respect to the CCPA:

• No “sale” or “sharing”: Contentsquare Group only processes Customer’s Data for the purposes specified in the applicable master agreement with Customers and agrees to refrain from “selling” or “sharing” (as such terms are defined in the CCPA) any Personal Information Processed as part of that agreement;

Japan: APPI specific commitment

In addition to each of our global privacy commitments mentioned above, with unique respect to the APPI:

• Handling of anonymized data: Contentsquare Group has implemented and maintains a privacy program that is compliant with APPI’s requirements on the handling of anonymized data and the standards prescribed by the Personal Information Protection Commission.

Singapore: PDPA specific commitment

In addition to each of our global privacy commitments mentioned above, with unique respect to the PDPA:

• Data Intermediary: Contentsquare Group has implemented and maintains a privacy program that is compliant with its requirements as a Data Intermediary under PDPA. 

Australia: Privacy Act specific commitment

In addition to each of our global privacy commitments mentioned above, with unique respect to the Australian Privacy Act:

• Australian Privacy Principles: As an APP entity under the Australia Privacy Act, Contentsquare Group has implemented and maintains a privacy program that meets the requirements under the Australian Privacy Principles.

How does Contentsquare assist its Customers in their privacy journey?

• The Contentsquare solution collects only by default the strict minimum of personal data required to provide the services to customers;

• We provide our customers with tools and abilities to identify and block unnecessary personal data from being transferred to Contentsquare in Experience Analytics (“DXA”) and Product Analytics (“PA”) products;

• We provide our customers with capabilities to request customer’s data deletion within the product for PA and Voice Of Customer (“VOC”) products;

• Contentsquare has a dedicated and trained support team, for handling any privacy related events;

• Contentsquare offers its customers privacy-oriented features for its DXA product, including IP-less, Cookieless solution and Exemption Mode (in France and Spain only). 

***

For more information about data protection at Contentsquare, please visit our Privacy Center here and Trust Center here. Feel free to contact Contentsquare’s Privacy Team at privacy@contentsquare.com directly with any additional questions, ideas or concerns.