Contentsquare Services Privacy Policy

Effective Date: September 2023

  1. Introduction
  2. Scope of the Services Privacy Policy
  3. Who is responsible for processing your Personal Data?

    Controller’s identity and contact details
    Controller’s representative
    Data Protection Officer and contact details

  4. Which Personal Data do we process about you and how?

    Contentsquare collects and processes Personal Data that directly identify you (e.g. name, contact details) and that indirectly identify you (e.g. unique identifiers), from various sources.
    We collect and process Personal Data about you from the following sources:
    When you provide such Personal Data directly to us

  5. How long do we keep your Personal Data?
  6. When and to whom we share your Personal Data

    Contentsquare subsidiaries and affiliated companies
    Service providers
    Other third parties

  7. To whom and how we transfer your Personal Data
  8. How we secure your Personal Data
  9. What are your privacy rights and how to exercise them?
  10. Children’s Privacy
  11. How to contact us?
  12. Updates and Amendments to this Services Privacy Policy
  13. Trans-Atlantic Data Privacy Framework Notice

1. Introduction

Contentsquare group of companies (“Contentsquare”, “we”, “our”, or “us”) develops and provides customer experience analytics services. Such services allow our customers to recreate a web or app session showing their website and app visitors’ interactions on their website or mobile app, to gain meaningful insights into such interactions, and use them to create exceptional experiences.

This Services Privacy Policy (“Services Privacy Policy”) provides information on how Contentsquare collects, stores, uses, shares, discloses and transfers Personal Data relating to our customers, prospects, customers’ personnel (“Customer” or “you”) in connection with our products and services (collectively - “Contentsquare Services” or our “Services”) and interactions and communications between you and Contentsquare. It also provides you with information about your privacy rights in relation to such Processing of your Personal Data.

As used in this Privacy Policy, “Personal Data” means information that relates to an identified individual or to an identifiable individual, as defined under applicable data protection laws.

See the list of Contentsquare entities, the registered address and contact details for each entity here.

2. Scope of the Services Privacy Policy

This Privacy Policy applies to the Processing of Customer’s Personal Data when you use our Services and any additional interactions and communications between you and Contentsquare.

The other Processing activities performed by Contentsquare in relation with our website, and job applicants are governed by separate Privacy Policies. For more information on such Processing of Personal Data please visit this link.

3. Who is responsible for processing your Personal Data?

Controller’s identity and contact details

Customer is responsible for processing your Personal Data in connection with Contentsquare Services. This means that Contentsquare is the Data Processor for such Personal Data processed on Customer’s behalf and under its instructions.

Contentsquare will process Customer Personal Data to provide the Services and other limited purposes as outlined in Section 5 below. In those limited purposes, Contentsquare is responsible for processing your Personal Data and is the Data Controller.

Controller’s representative

Customer as the Data Controller:
For information about the representative for data protection matters pursuant to Article 27 of the General Data Protection Regulation (“GDPR”) of a specific Contentsquare’s customer, we suggest you reach out to such customer’s representative at its dedicated privacy policy.

Contentsquare as the Data Controller:

Contentsquare has appointed DPOs to oversee the protection of your Personal Data. If you have any questions about this privacy policy or about our data protection practices, you can contact our DPOs at:

  • Global DPO: Content Square SAS, Attn: EU DPO, 7 rue de Madrid 75008 Paris, France. 
  • APAC DPO: Contentsquare Japan G.K., Attn: APAC DPO, Marunouchi Kitaguchi Building 9F Wework 1-6-5 Marunouchi Chiyoda-ku Tokyo 100-0005, Japan.

Each of our DPOs may be reached via email: privacy@contentsquare.com.

Data Protection Officer and contact details

Customer as the Data Controller:
For information about the DPO of a specific Contentsquare’s customer, we suggest you reach out to such customer’s DPO at its dedicated privacy policy.

Contentsquare as the Data Controller:
Contentsquare has appointed DPOs to oversee the protection of your Personal Data. If you have any questions about this privacy policy or about our data protection practices, you can contact our DPOs at:

  • Global DPO: Content Square Inc., Attn: Global DPO, 53 Beach St New York, NY, 10013-2304 United States. Email to privacy@contentsquare.com.
  • EEA DPO: Content Square SAS, Attn: EU DPO, 7 rue de Madrid 75008 Paris, France. Email to privacy@contentsquare.com.

4. Which Personal Data do we process about you and how?

Contentsquare collects and processes Personal Data that mainly indirectly identifies you (e.g. unique identifiers). We may also collect and process Personal Data that may directly identify you (e.g. name, contact details) for specific purposes and from various sources.

We process your Personal Data mainly to provide the services to our customers in accordance with agreement with the customer. We may also process your Personal Data for other purposes including to support our legitimate interests in maintaining and improving our Services and sales offerings, understanding how our Services are used, to optimize our marketing Services, customer service and support operations and to respond to a request from a regulator or to defend a legal claim in order to comply with applicable laws.

We collect and process Personal Data about you from the following sources:

Contentsquare as a Data Processor

Category of Personal DataSource of Personal DataPurpose of processingLegal basis
Identification and Contact DataWhen you order and use our ServicesProvide the Services including support, maintenance, and account managementAs determined by Customer
Professional or Employment-Related DataWhen you order and use our ServicesProvide the Services including support, maintenance, and account managementAs determined by Customer
Unique identifiersWhen you use our Services (via cookies or web beacons)Provide the Services to you, including visitor digital behavior, website and mobile app performance analytics, and other usage monitoring and analytics activities as part of the Services to youAs determined by Customer
Device and technical dataWhen you use our Services (via cookies or web beacons)Provide the Services to you, including visitor digital behavior, website and mobile app performance analytics, and other usage monitoring and analytics activities as part of the Services to youAs determined by Customer
Digital behavioral dataWhen you use our Services (via cookies or web beacons)Provide the Services to you, including visitor digital behavior, website and mobile app performance analytics, and other usage monitoring and analytics activities as part of the Services to youAs determined by Customer
Any additional Personal Data agreed to be processed or otherwise collected under the Agreement with the CustomerWhen you use our ServicesProvide the Services to you, including visitor digital behavior, website and mobile app performance analytics, and other usage monitoring and analytics activities as part of the Services to youAs determined by Customer*

*Customers must refrain, and are contractually prohibited, from transferring to Contentsquare any Personal Data which is subject to specific regulatory or statutory protection regimes (e.g “special categories” of data under the EU GDPR, data of children under the age of 16, health data, financial data, social security information, etc.).

We may process all of the above personal data to comply with our various legal obligations (“Legal Obligations”). Our Legal Obligations include:

  • Comply with applicable laws, regulatory requirements, and our internal policies
  • Prevent, mitigate, and investigate data protection and security incidents, fraud, errors, or any illegal or prohibited activity relating to Contentsquare Services
  • Protect the rights, safety, property, or operations of Contentsquare, you, or others
  • Respond to regulator, law enforcement authorities or other government official/agency request or your data protection requests
  • Enforce agreements with you, resolve disputes, and defend a legal claim

Contentsquare as a Data Controller

Category of Personal DataSource of Personal DataPurpose of processingLegal basis
Identification and Contact Data:
First and last name, email address, and telephone number

When you order and use our Services, or contact us or otherwise interact with us;

From third parties and publicly available sources

Deliver the Services and provide Customer services;

Marketing Communications (as defined below);

Organize, manage, and facilitate access to our events;

Administer the Contentsquare Customer Loyalty Program

Performance of a contract;

Consent or legitimate interest

Professional or Employment-Related Data:
Job position, job title, workplace, and industry

When you order and use our Services, or contact us or otherwise interact with us;

From third parties and publicly available sources

Marketing Communications;

Organize, manage, and facilitate access to our events

Consent or legitimate interest
Agreement and Transaction Data:
Agreements, orders, purchases, payment status, and invoices; and your other interactions with us related to transactions, such as service requests and messaging with our customer service
When you order and use our ServicesManage payments, contracts, transactions, and otherwise meet our contractual requirementsPerformance of a contract; compliance with a legal obligation
Payment Data:
Corporate bank account information of customers
When you order our ServicesManage payments, contracts, transactions, and otherwise meet our contractual requirementsPerformance of a contract; compliance with a legal obligation
Any other Personal Data you voluntarily choose to provide:
Personal Data in request or feedback you send us
When you order and use our Services, contact us or otherwise interact with us

Fulfill your request related to the Services and communicate with you in contract-related matters via phone, mail, email, SMS, chat, and other digital channels including social media;

Marketing Communications

Consent or legitimate interest
Unique identifiers:
IP address, cookie IDs, device IDs, web beacons, pixels, and other similar technologies (as described in our “Cookies Policy”)
When you use our Services (via cookies or web beacons)Internal Development (as defined below)Consent or legitimate interest
Device and technical data:
Domain server, type of device/operating system/browser used to access the Sites, local and language settings; session logging, heatmaps and scrolls; screen resolution, ISP, referring or exit pages; and date and time of your visit.
When you use our Services (via cookies or web beacons)Internal DevelopmentConsent or legitimate interest
Digital behavioral data:
Web page interactions (clicks, browsing, zooms and other interactions), referring web page/source through which you accessed the Sites, and statistics associated with the interaction between device or browser and the Sites.
When you use our Services (via cookies or web beacons)Internal DevelopmentConsent or legitimate interest

Marketing Communications” means when we contact you about Contentsquare Services or send you communications about Contentsquare’s business and events (including communications based on your interests, personal and business characteristics, and location)

  • For Customers and Prospects relations management: we use Personal Data to manage our Customers’ relationships by communicating about relevant topics, ensure current contact information is accurate, and promote events and contests which we arrange.
  • For Sales and Marketing optimization: we use Personal Data that is collected during the Customer relationship, such as from Customer surveys and online behavioral data. Based on these Personal Data, we are able to make marketing more relevant and effective, and send you more personalized communications such as newsletters, special offers and sales, new product announcements, etc. or any other information we think you will find valuable. We may provide such notices through any of the contact means available to us (e.g. phone or email), through the Services, or through our marketing campaigns on any other means.

Internal Development” means when Contentsquare improves and better develops the Services for our Customers including testing, research, reporting, benchmarking, machine learning, analysis about our Services performance, predictions and trend analysis in order to support our business decision-making, to analyze our Customers’ engagement with our Services, to assess the quality of our Services and to consider our Customers’ feedback and needs.

Please note that for our Internal Development, we process de-identified and aggregated data to the extent possible. We may use samples of real data, for example, to test the quality and the performance of our Services. If you do not wish to be part of this test, you can let us know at any time.

5. How long do we keep your Personal Data?

Your Personal Data will be stored by us and our service providers in accordance with applicable data protection laws and data protection authorities guidelines to the extent necessary for the processing purposes set out in this Services Privacy Policy. Subsequently, we will delete your Personal Data in accordance with our Data Retention, Archiving and Disposal Policy or take steps to properly render the Personal Data anonymous, unless we are legally obliged to keep your Personal Data longer (e.g. for legal compliance, tax, accounting or auditing purposes).

Below you will find a summary of the data retention related to each purpose of processing:

Contentsquare as a Data Processor

Purpose of ProcessingData retention
Visitor Digital Behavior analytics and User usage monitoring and analytics13 months (for up to 24 months upon agreement with you)
Support, maintenance, and account managementFor the agreement duration with Customers and then archived for 7 years

Contentsquare as a Data Controller

Purpose of ProcessingData retention
Deliver Services, provide customer service and manage payments, contracts and transactions and otherwise meet our contractual requirementsFor the agreement duration with Customers and then archived for 7 years
Fulfill your request related to the Services and communicate with you in contract-related matters via phone, mail, email, SMS, chat, and other digital channels including social mediaFor the agreement duration with Customers and then archived for 7 years
Administer the Contentsquare Customer Loyalty ProgramFor the Loyalty Program duration and then archived for 7 years
Marketing Communications2 years from the last contact, or 30 days after a deletion request
Organize, manage, and facilitate access to our eventsFor the time necessary to achieve this purpose
Internal DevelopmentUp to 24 months
Legal ObligationsAs required by applicable law or regulation except: in case of a dispute, until the settlement of the dispute; in case of a legal claim, for the duration of the proceedings and until the ordinary and extraordinary means of recourse are exhausted with regard to the decision rendered

6. When and to whom we share your Personal Data?

Your Personal Data is shared for business and commercial purposes throughout Contentsquare and with third parties such as service providers, and government, judicial and law enforcement entities.

In connection with one or more of the purposes outlined in the Section 5 above, we may disclose your Personal Data to:

Contentsquare as a Data Processor

Contentsquare subsidiaries and affiliated companies
We may share, disclose and transfer your Personal Data with our current (please see the list here) and future subsidiaries and affiliated companies for all purposes mentioned in Section 4 above.

Service providers
We use third parties service providers to provide the Services to our Customers. These services include data hosting, data analytics, IT services and cybersecurity and support. Some of our service providers may perform the Services on our behalf, under our instructions, in accordance with our agreement and in compliance with appropriate technical and organizational security measures to protect your Personal Data.

Please see here for the current list of service providers used by Contentsquare as Sub-Processors.

Integrations and enrichment providers
Our tool allows you to integrate third-party tools to send or receive Personal Data to and from the Contentsquare solution in connection within the Contentsquare Services. Customers remain responsible for any Personal Data transmissions between these integration tools and Contentsquare.

Other third parties
We may disclose your Personal Data to third parties, including:

  • Government authorities or public authorities, courts, intergovernmental or supranational bodies for legal processes or protection of life and safety where we believe that access, use, preservation, or disclosure of the information is reasonably necessary, including:
    • To comply with laws, regulations, legal processes or to respond to lawful requests;
    • To enforce or apply our agreements;
    • To protect the rights, interests, property, or safety of Contentsquare, our customers, you, and others;
    • In connection with claims, disputes, or litigation;
    • To protect you and others from fraudulent, abusive, or unlawful use of our Services, and other fraudulent activity. Such disclosure or access may occur if we believe in good faith that we are legally compelled to do so, or that it is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.

Contentsquare as a Data Controller

Contentsquare subsidiaries and affiliates
We may share, disclose and transfer your Personal Data with our current (please see the list here) and future subsidiaries and affiliated companies for all purposes mentioned in Section 4 above.

Service providers
We use third parties service providers to perform services complementary to our own and support our business. These services include data hosting, data analytics, IT services and cybersecurity, customer services, payment services, consulting, development, support, marketing and advertising, events, promotions and contests. Some of our service providers may perform the Services on our behalf, under our instructions, in accordance with our agreement and in compliance with appropriate technical and organizational security measures to protect your Personal Data. We may also use data broking service providers for Marketing Communications purposes, including data enrichment, data matching, data cleansing and tracing. While some of these service providers may act as a Data Controller, we undertake appropriate and careful due diligence before using their services and they perform their services in accordance with our agreement.

Please see here for the current list of service providers used by Contentsquare as processors.

Other third parties
We may disclose your Personal Data to third parties, including:

  • Partners for marketing, advertising, promotions, contests, events or other similar purposes. (please see here for the list of our current Partners);
  • A buyer, investor, new affiliate or other third party in the event that Contentsquare, or any portion, group thereof, undergoes a business transition, such as a merger or acquisition, or during steps in contemplation of such activities (e.g., negotiations and due diligence).
  • Government authorities or public authorities, courts, intergovernmental or supranational bodies for legal processes or protection of life and safety where we believe that access, use, preservation, or disclosure of the information is reasonably necessary, including:
    • To comply with laws, regulations, legal processes or to respond to lawful requests;
    • To enforce or apply our agreements;
    • To protect the rights, interests, property, or safety of Contentsquare, our customers, and others;
    • In connection with claims, disputes, or litigation;
    • To protect you and others from fraudulent, abusive, or unlawful use of our Services, and other fraudulent activity. Such disclosure or access may occur if we believe in good faith that we are legally compelled to do so, or that it is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.

7. How do we transfer your Personal Data globally?

Your Personal Data may be accessed, processed and stored in other countries in which Contentsquare has operations, including countries outside of the European Economic Area (EEA).

Contentsquare has implemented safeguards to ensure an adequate level of data protection where your Personal Data is transferred to countries outside the EEA, such as:

  • the recipient country has an adequacy decision from the European Commission;
  • the European Commission’s Standard Contractual Clauses for the transfer of Personal Data.

To see in detail the countries where your Personal Data may be transferred, please click here.

8. How do we secure your Personal Data?

In order to protect your Personal Data held with us and our service providers, we use industry-standard physical, procedural and electronic security measures. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any Personal Data stored with us or with any third parties as described in Section 8 above.

More information about security at Contentsquare can be found here.

9. What are your privacy rights and how to exercise them?

You have rights for the Personal Data we process about you. You can choose to object to, restrict our use of your Personal Data, delete, change or correct your Personal Data, access your Personal Data by filling out our Data Subject Request Form.

Subject to applicable data protection laws, you have multiple privacy rights in respect of the Personal Data we process about you:

  • request confirmation that we are processing your Personal Data;
  • request a copy of Personal Data we hold about you;
  • request that we update Personal Data we hold about you or correct such data that is inaccurate or incomplete;
  • restrict the way in which we use your Personal Data (e.g., if we have no legal right to keep using it) or limit our use of your Personal Data (e.g., if your Personal Data is inaccurate or unlawfully held);
  • object to our processing of your Personal Data relating on grounds to your particular situation or if your Personal Data is processed by us for direct marketing purposes, object at any time to the processing of your Personal Data for such marketing;
  • withdraw the consent that you have given us to process your Personal Data (where we process your Personal Data on the basis of your consent);
  • request that we delete the Personal Data we hold about you; and
  • lodge a complaint with the relevant data protection authority regarding our processing of your Personal Data.

If you want to exercise one or more of the rights mentioned above, you can submit your request using our Data Subject Request Form here. Please note that as part of your data subject request, we may require additional information and documents, including Personal Data, in order to authenticate and validate your identity and to process your request. Such additional data will be then retained by us for legal purposes (e.g. as proof of the identity of the person submitting the request), in accordance with Section 5 above.

10. Children’s Privacy

Our Services are not designed to attract children under the age of 16. If we learn that a person under the age of 16 is using our Services, we will prohibit and attempt to block such use and will make reasonable efforts to promptly delete any Personal Data stored with us with regard to such child. If you believe that we might have any such data, please contact us via our Data Subject Request Portal here.

11. How to contact us?

If you have any comments or questions about this Services Privacy Policy or our privacy practices, please contact us via the link below. You can also contact our DPO at:

  • Global DPO: Content Square SAS, Attn: EU DPO, 7 rue de Madrid 75008 Paris, France. 
  • APAC DPO: Contentsquare Japan G.K., Attn: APAC DPO, Marunouchi Kitaguchi Building 9F Wework 1-6-5 Marunouchi Chiyoda-ku Tokyo 100-0005, Japan.

Each of our DPOs may be reached via email at privacy@contentsquare.com.

12. Updates and Amendments to this Services Privacy Policy

We may update and amend this Services Privacy Policy from time to time. The “Effective Date” at the top of this webpage mentions when this Services Privacy Policy was last revised. Any changes will become effective when we post a revised version of this Services Privacy Policy on our website (www.contentsquare.com). We encourage you to review this Services Privacy Policy periodically to remain informed about how we are protecting your data.

13. Trans-Atlantic Data Privacy Framework Notice

Contentsquare’s entities which are based in the United States of America (Content Square, Inc. and Clicktale Inc.) (together “the US CS entities”) have self-certified with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (together, the “Data Privacy Framework”), where such participation is listed at this link, with respect to the Personal Data of individuals residing in the EU, United Kingdom, and Switzerland that the US CS entities process for the purposes identified above in this policy, including any such data processed on behalf of any of their affiliated companies of the Contentsquare group of companies. 

The US CS entities commit to process Personal Data received from the EU, United Kingdom, and Switzerland in accordance with the Data Privacy Framework Principles, including the Supplemental Principles (collectively, the “Principles”) as set forth by the US Department of Commerce concerning the processing of Personal Data .

If there is any conflict between this Services Privacy Policy and the Principles, the Principles shall govern. To learn more about the Data Privacy Framework, please visit this webpage.

Independent Dispute Resolution

To address inquiries or resolve complaints about our processing of Personal Data, residents of the EU, United Kingdom, or Switzerland should first contact Contentsquare via e-mail to privacy[at]contentsquare.com. 

The US CS entities have further committed to refer unresolved privacy complaints under the Data Privacy Framework to the American Arbitration Association’s International Centre for Dispute Resolution (“ICDR-AAA”), a non-profit alternative dispute resolution provider located in the United States to assist with the complaint resolution process. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://go.adr.org/dpf_irm.html for more information and to file a complaint. The services of ICDR-AAA are provided at no cost to you.

Enforcement

The US CS entities are subject to the investigatory and enforcement powers of the Federal Trade Commission (the “FTC”) to ensure our compliance with the Data Privacy Framework as outlined in this Website Privacy Policy.

Arbitration

You may be entitled, under certain conditions as described in the Principles, to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Lawful Access Requests

The US CS entities may be required to disclose Personal Data in response to lawful access requests from public authorities, or to comply with national security or law enforcement requirements. Any such disclosure is made in accordance with our Public Authorities Access Request Policy, available at this link

Onward Transfers of Personal Data

The US CS entities remain responsible to you, as well as potentially liable to you under the conditions set forth in the Principles, for the processing of Personal Data received under the Data Privacy Framework and subsequently transferred to the third parties identified above.