Contentsquare Privacy Commitment

Introduction 

Contentsquare group values adapting its products and services, as well as its internal activities to the constantly evolving global privacy landscape. 

In the last few years, several data protection laws came into force around the world, including the GDPR, a new EU privacy law that came into force in 2018 and the CCPA, a California law that came into effect in 2020. 

In addition, some privacy laws have been amended recently to enhance data protection in the concerned countries, such as the amendments of the APPI, Japan's data protection law, and the Privacy Act, the Australian data protection law, both of which came into force in 2017, but also amendments of the PDPA, Singapore’s data protection law, which took effect in 2021, and more. 

Our teams are also thoroughly examining upcoming US legislations that may affect our customers’ personal data or our own privacy compliance programs, such as the American Data Privacy and Protection Act (“ADPPA”), a draft of which is currently under review by the United States Federal Government’s House Committee on Energy and Commerce. We are confident in our ability to comply with ADPPA and are implementing any additional requirements unique to this law not already covered by our current privacy program. We are similarly confident in our preparations for the upcoming California Privacy Rights Act, which takes effect on January 1, 2023 and expands the privacy rights afforded to California residents.   

This “Contentsquare Privacy Commitment” page is dedicated to providing you with information about Contentsquare’s compliance status and efforts concerning the applicable data protection laws, including those mentioned above, as we continue to follow the legislative and regulatory developments coming from Europe, USA, APAC, and from all around the world.

Contentsquare’s commitment

We at Contentsquare are committed to ensuring the protection of data of every individual we process, including but not limited to our customers, prospects, vendors, job applicants and employees, and to providing a proactive approach to our data protection and privacy compliance practices. In this regard, we have implemented a robust and effective global privacy compliance program to promote transparency around our practices, build trust with our customers, prospects, vendors, and job applicants and employees, but also for our customers to continue using Contentsquare products and services without concern.

[Layer 1:] Global privacy commitments

Here is an overview of what we have achieved at Contentsquare as part of our global privacy compliance program:

  • Compliance certification: we are ISO 27001 and ISO 27701 certified for both controller and processor, a global standard for security and privacy management;
  • Data Protection Officer: we appointed DPOs across the group to oversee our compliance program; 
  • Security Measures: we implemented and maintain appropriate and robust security measures to ensure any personal data we process is protected (more information on this topic can be found at our Security Portal;
  • Security Incident Notification: we implemented a procedure to notify the relevant data protection authority in our role as a controller, and commit to notify our customers in our role as a processor without undue delay (but no later than 48 hours) after becoming aware of a security incident involving their personal data (or, with respect to CCPA, involving the personal information of California residents);
  • Record of data processing activities: we maintain a record of data processing activities across the Contentsquare Group both as controller and processor;
  • Policies and procedures: we created and maintain policies and procedures that ensure Contentsquare is complying with applicable laws and regulations on an ongoing basis (such as via our data retention policy, consent policy, privacy impact assessment policy, and vendor management process);
  • Privacy by Design & by Default: we constantly ensure that data protection principles are embedded in our product; 
  • Privacy Policies: we clearly inform customers, prospects, vendors, and job applicants and employees about how we use their personal data, and clearly give information about how they can exercise their data subject rights through our Privacy Policies;
  • Privacy Center: we keep customers up to date about our privacy practices in a dedicated section of our website;
  • Data Processing Agreement: before any use of our Solution, we ensure to sign with our customers and vendors our Data Processing Agreement (“DPA”) which contains applicable terms (for example, the required information under GDPR’s Art. 28 (and UK GDPR’s Art 59), and specifying that we process Customer Personal Data for the sole purpose of providing the Services to our Customers as agreed under the applicable master agreement;
  • International Data Transfers: we use appropriate mechanisms and supplementary measures to ensure safe and trusted transfer of personal data to third counties (including EU/UK Standard Contractual Clauses, adequacy decisions, consent) and conduct data transfer impact assessment where needed. More information on Contentsquare’s commitment around international data transfers can be found here;
  • Data Subject Rights: we maintain a formal process and policy, highlighted by our Data Subject Request Portal, to ensure that we fulfill data subjects rights requests we receive within the applicable legal deadlines to fullest extent required, as well as to provide the necessary assistance to our customers and to authorities seeking records of requests we’ve received;
  • Data Subject Requests: we maintain an accurate record of data subject requests made pursuant to applicable data protection laws and how we responded to such requests.
  • Training and awareness: we provide our employees with privacy training during their initial onboarding steps as well as annually;
  • Sub-Processors: Contentsquare has entered into written contracts with each of its Sub-Processors (or “Subcontractors” as such term is defined under the California Consumer Privacy Act or “CCPA”) that include terms substantially similar to the DPAs we sign with our Customers. Contentsquare conducts appropriate due diligence on each of its Sub-Processors before they process any personal data;
  • Audit: we monitor Contentsquare’s compliance with the program on an ongoing basis and perform formal audits of the effectiveness of the program with accredited third-party on an annual basis.

We constantly continue to monitor our compliance program around upcoming data protection laws and will adjust accordingly where applicable to us. 

In addition to the above commitments, Contentsquare also has implemented region-specific requirements as required under local laws and regulations:

[Layer 2:] EU & UK: GDPR commitment

In addition to each of our global privacy commitments mentioned above, with unique respect to the GDPR and UK GDPR:

  • Transfers outside the EU/UK: Contentsquare entered into the new Standard Contractual Clauses issued by the European Commission in June 2021 with its Sub-Processors to guarantee the same level of protection for Customer’s Personal Data as the GDPR when transferring personal data to our Sub-Processors located outside of the EU/UK; 

[Layer 3:] California (USA): CCPA specific commitments

In addition to each of our global privacy commitments mentioned above, with unique respect to the CCPA:

  • No sale: Contentsquare only processes Customer’s Data for the purposes specified in the applicable master agreement with Customers and agrees to refrain from selling (as such term is defined in the CCPA) any Personal Information Processed as part of that agreement;

[Layer 4:] Japan: APPI specific commitments

In addition to each of our global privacy commitments mentioned above, with unique respect to the APPI:

  • Handling of anonymized data: Contentsquare has implemented and maintains a privacy program that is compliant with APPI’s requirements on the handling of anonymized data and the standards prescribed by the Personal Information Protection Commission.

[Layer 5:] Singapore: PDPA specific commitments

In addition to each of our global privacy commitments mentioned above, with unique respect to the PDPA:

  • Data Intermediary: Contentsquare has implemented and maintains a privacy program that is compliant with its requirements as a Data Intermediary under PDPA. 

[Layer 6:] Australia: Privacy Act specific commitments

In addition to each of our global privacy commitments mentioned above, with unique respect to the Australian Privacy Act:

  • Australian Privacy Principles: As an APP entity under the Australia Privacy Act, Contentsquare has implemented and maintains a privacy program that meets the requirements under the Australian Privacy Principles.

How does Contentsquare assist its Customers in their privacy journey?

  • The Contentsquare solution collects only the strict minimum of personal data required to provide the services to customers;
  • We store customer’s data for a defined and limited period of time;
  • We provide our customers with tools and abilities to identify and block unnecessary personal data from being transferred to Contentsquare;
  • Contentsquare has a 24/7 dedicated and trained support team, for handling any privacy related events;
  • Contentsquare offers its customers privacy-oriented features, including IP-less, Cookieless solution and Exemption Mode. 

***

For more information about data protection at Contentsquare, please visit our Privacy Center here. Feel free to contact Contentsquare’s Privacy Team at [email protected] directly with any additional questions, ideas or concerns.