Contentsquare group FAQs Guide on the Data Privacy Framework

 

This page is designed to address Frequently Asked Questions (“FAQs”) from customers (“customers”, “you”) about the Contentsquare group (“we”, “us”, “our”) certification to the Trans-Atlantic Data Privacy Framework.

If you have additional questions that are not answered in this FAQs Guide, please contact your Sales or Account representative, who will be happy to assist you and coordinate with our Data Privacy Team to ensure that all your questions are answered.

What is the Data Privacy Framework and why does it matter?

  • The Trans-Atlantic Data Privacy Framework (the “DPF”) is a new mechanism that was developed by the United States of America (“US”) to transfer personal data from the European Union (“EU”), United Kingdom (“UK”) and Switzerland (collectively “Europe”) to the US, while safeguardings Europeans’ data protection rights. This addresses the ruling of the European Court of Justice (Schrems II) which invalidated the previous Privacy Shield framework, established in 2016 to provide a legal basis for companies to comply with European data protection requirements when transferring personal data to the US.

  • In 2023, the European Commission and the UK Government each concluded that the US’ DPF ensures an adequate or essentially equivalent standard of data protection as under European data protection laws, namely General Data Protection Regulation (“GDPR”) and UK GDPR.

    This means that European personal data may be freely processed within and transferred to organizations in the US who have certified to the DPF, without having to implement any further data protection or safeguard like the Standard Contractual Clauses.

  • No, the adequacy decisions conclude that the US ensures an adequate level of protection for personal data transferred only to those US companies who are certified under the DPF.

  • US organizations which certify to the DPF commit to comply with similar obligations as they would be subject to under European data protection laws such as only processing and handling personal data in line with purpose limitation, data minimization, data retention limitation, disclosure limitation, data security principles, etc.

    The DPF also includes limitations on the ability of the US government to access Europeans’ personal data, as well as provides to Europeans dedicated redress procedures over the handling of their personal data.

  • US-businesses that maintain active certifications to the DPF are publicly listed at this link.

  • More detailed information about the DPF is available at their official website at this link.

    More information about the European adequacy decisions on the DPF:

    • - European Commission press release can be found here;
    • - UK government notice can be found here.

Contentsquare group’s DPF certification

  • Yes! Each of Contentsquare group US companies, namely Contentsquare Inc., Clicktale Inc., and Heap Inc. are included in our DPF certification, which can be found at this link.

    Our certification statement where we commit to comply with the DPF and its Principles is available in our privacy policy.

  • Yes, we use Amazon Web Services (AWS) and Microsoft Azure as cloud hosting providers for our customers’ data. Both AWS and Azure are DPF-certified and their certifications can also be found at this link.

  • Except in special circumstances, the DPA you signed with us already permits the transfer of personal data to countries which benefit from an adequacy decision so a specific reference to transfers under the DPF is not necessary.

  • US organizations which certify to the DPF commit to comply with similar obligations as they would be subject to under European data protection laws such as only processing and handling personal data in line with purpose limitation, data minimization, data retention limitation, disclosure limitation, data security principles, etc.

    The DPF also includes limitations on the ability of the US government to access Europeans’ personal data, as well as provides to Europeans dedicated redress procedures over the handling of their personal data.

  • Quite the opposite! For Heap customers, your European data stored in or transferred to the US will be now safely protected under the DPF.

    For Contentsquare and Clicktale customers, your data will continue to be stored in its designated cloud storage location as agreed under the agreement with Contentsquare and Clicktale. By default, European customers' data are stored in our European data centers.

    Furthermore, customer data accessed from our US companies to provide services to our customers (support, maintenance,...) will be covered by the DPF.