Effective Date: September 6th, 2023 - Version 1.2023
Contentsquare Solution’s User Privacy Policy
1. Scope of the User Privacy Policy
This User Privacy Policy (“User Privacy Policy”) provides information on how Contentsquare group of companies (“Contentsquare”, “we”, “our” or “us”) processes Personal Data relating to our customers’ current and former employees, agents, advisors, freelancers, and vendors (who are natural persons) authorized, or previously authorized, by our customers to use our experience analytics products and services (each a “User” or “you”) including interactions and communications between you and Contentsquare. It also provides you with information about your privacy rights in relation to such processing of your Personal Data.
As used in this User Privacy Policy, “Personal Data” means information that relates to an identified individual or to an identifiable individual, as defined under applicable data protection laws, and “processing” means any operation performed on personal data, as defined under applicable data protection laws.
The other processing activities performed by Contentsquare in relation to our website visitors, visitors of our customers’ websites/apps in connection with our services, and job applicants are governed by separate Privacy Policies available at this link.
2. Who is responsible for processing your Personal Data
Contentsquare will process Users’ Personal Data for the purposes outlined in Section 4 below as a data controller.
Controller’s representative
Content Square SAS has been designated as Contentsquare’s representative in the European Union for data protection matters pursuant to Article 27 of the General Data Protection Regulation.
Data Protection Officer and contact details
Contentsquare has appointed DPOs to oversee the protection of your Personal Data. If you have any questions about this privacy policy or about our data protection practices, you can contact our DPOs at:
Global DPO: Content Square SAS, Attn: Global DPO, 7 rue de Madrid 75008 Paris, France;
APAC DPO: Contentsquare Japan G.K., Attn: APAC DPO, Marunouchi Kitaguchi Building 9F Wework 1-6-5 Marunouchi Chiyoda-ku Tokyo 100-0005, Japan.
or via email using this link.
3. Which Personal Data do we process about you
Contentsquare collects and processes Personal Data that directly identifies you (e.g., name, contact details) and indirectly identifies you (e.g., unique identifiers) from various sources.
Category of Personal Data | Source of Personal Data |
Identification and Contact data: first and last name, email address, username and password, telephone numbers, photo, video, voice | When your information has been shared with us by customer and when you create your account to access our SaaS platform; When you use our Services, or contact us or otherwise interact with us (via phone, mail, email, SMS, chat, and other digital channels including online forms and social media), notably for support; When you register to receive communications from us, sign up for/attend an event or webinar; participate in a program, training, certification, study or survey; download certain content on our website; From third parties and publicly available sources |
Professional or Employment-related data: Company name, job position, job title, workplace, and industry | When your information has been shared with us by customer and when you create your account to access our SaaS platform; When you register to receive communications from us, sign up for/attend an event, webinar; participate in a program, training, certification, study or survey; download certain content on our website; When you use our Services, or contact us or otherwise interact with us (via phone, mail, email, SMS, chat, and other digital channels including social media) notably for support; From third parties and publicly available sources. |
Any other Personal Data you voluntarily choose to provide: Personal Data in request or feedback you send us | When you contact us (via phone, mail, email, SMS, chat, and other digital channels including social media), notably for support; When you participate in a program, training, certification, study or survey. |
Unique identifiers: IP address, cookie IDs, device IDs, web beacons, pixels, and other similar technologies | When you use our Services or interact with us (via cookies, web beacons or similar technologies) |
Device and technical data: Domain server, type of device/operating system/browser used to access the customer sites, local and language settings; session logging, heatmaps and scrolls; screen resolution, ISP, referring or exit pages; and date and time of your visit. | When you use our Services or interact with us (via cookies, web beacons or similar technologies) |
Digital behavioral data: Web page interactions (clicks, browsing, zooms and other interactions), referring web page/source through which you accessed the customer sites, and statistics associated with the interaction between device or browser and the customer sites. | When you use our Services or interact with us (via cookies, or web beacons or similar technologies) |
4. Why do we process your Personal Data and for how long?
We process your Personal Data mainly to provide the Services to our customers in accordance with the agreement signed with them.
We may also process your Personal Data for other purposes including to support our legitimate interests in maintaining and improving our Services and sales offerings, understanding how our Services are used, optimize our marketing of the Services, our customer service and support operations, to respond to a data subject request from you or request from a regulator and to defend a legal claim in order to comply with applicable laws.
Your Personal Data will be stored by us and our service providers in accordance with applicable data protection laws and data protection authorities guidelines to the extent necessary for the processing purposes set out in this User Privacy Policy. Subsequently, we will delete your Personal Data in accordance with our Data Retention, Archiving and Disposal Policy or take steps to properly render the Personal Data anonymous, unless we are legally obliged to keep your Personal Data longer (e.g. for legal compliance, tax, accounting or auditing purposes).
Below you will find a summary of the purposes for which we process your Personal Data with the corresponding legal basis and retention period:
Purpose of processing | Legal basis | Retention period |
Authenticate you and manage your access to the Services | Performance of a contract | For the agreement duration with our Customers or until the deactivation of the account |
Provide services including customer service, support and maintenance | Performance of a contract | For the agreement duration with our Customers and then archived for 7 years |
Manage our Customer relationship (including fulfilling your request related to the Services and communicate with you in contract-related matters) | Performance of a contract | For the agreement duration with our Customers and then archived for 7 years |
Marketing (as defined below) | Legitimate interest and consent | 2 years from the last contact |
Organize, manage, and facilitate access to our events | Legitimate interest | 2 years from the last contact |
Organize, manage and conduct programs, trainings, certifications | Performance of a contract | For the agreement duration with our Customers |
Manage feedback and conduct survey or studies | Legitimate interest | For the agreement duration with our Customers |
Manage your access and participation to Contentsquare Community | Performance of a contract | For the agreement duration with our Customers or until the deactivation of the account |
Administer the Contentsquare Customer Loyalty Program | Performance of a contract | For the agreement duration with our Customers |
Internal Development (as defined below) | Legitimate interest | Up to 24 months |
Usage monitoring and analytics activities of your use of our services | Legitimate interest | Up to 24 months |
Comply with applicable laws, regulatory requirements, and our internal policies | Legal obligation | As required by applicable law or regulation |
Prevent, mitigate, and investigate data protection and security incidents, fraud, errors, or any illegal or prohibited activity relating to Contentsquare Services | Legitimate interest and Legal obligation | As required by applicable law or regulation |
Protect the rights, safety, property, or operations of Contentsquare, you, or others | Legitimate interest | As required by applicable law or regulation |
Respond to regulator, law enforcement authorities or other government official/agency request or your data protection requests | Legal obligation | For the time necessary to respond to the request or communication and then archived as required by applicable law or regulation |
Enforce agreements, resolve disputes, and defend a legal claim | Legitimate interest | As required by applicable law or regulation except: (i) in case of dispute, until the settlement of the dispute; (ii) in case of a legal claim, for the duration of the proceedings and until the ordinary and extraordinary means of recourse are exhausted with regard to the decision rendered |
Process your data subject right request | Legal obligation | For the time necessary to respond to the request or communication and then archived as required by applicable law or regulation |
“Marketing” means when we contact you about our Services or send you communications about Contentsquare’s services, business, contests and events (including communications based on your interests, personal and business characteristics, and location) and ensure current contact information is accurate. We may provide such notices through any of the contact means available to us (e.g. phone or email), through the Services, or through our marketing campaigns on any other means.
We use Personal Data that is collected during the Customer relationship, such as from surveys and online behavioral data for marketing optimization. Based on this Personal Data, we are able to make marketing more relevant and effective, and send you more personalized communications such as newsletters, special offers and sales, new product announcements, etc. or any other information we think you will find valuable.
“Internal Development” means when Contentsquare improves and better develops the Services for our Customers including testing, research, reporting, benchmarking, machine learning, analysis about our Services performance, predictions, and trends in order to support our business decision-making, to analyze our Customers’ experiences, satisfaction, and engagement with our Services, to assess the quality of our Services, and to consider our Customers’ feedback and needs.
5. When and to whom we share your Personal Data
Your Personal Data is shared for business and commercial purposes throughout Contentsquare and with third parties such as our service providers, and government, judicial, and law enforcement entities.
In connection with one or more of the purposes outlined in the Section 4 above, we may disclose your Personal Data to:
Contentsquare subsidiaries and affiliated companies
We may share, disclose, and transfer your Personal Data with our current (please see the list here) and future subsidiaries and affiliated companies for all purposes mentioned in Section 4 above.
Service providers
We use third parties service providers to perform services complementary to our own and support our business. These services include data hosting, data analytics, IT services and cybersecurity, customer services, payment services, consulting, development, support, marketing and advertising, events, promotions and contests. Some of our service providers may perform the Services on our behalf, under our instructions, in accordance with our agreement and in compliance with appropriate technical and organizational security measures to protect your Personal Data. We may also use data broking service providers for Marketing Communications purposes, including data enrichment, data matching, data cleansing and tracing. While some of these service providers may act as a Data Controller, we undertake appropriate and careful due diligence before using their services and they perform their services in accordance with our agreement.
Please see here for the current list of service providers used by Contentsquare as processors.
Integrations and enrichment providers
Our tool allows customers to integrate third-party tools to send or receive Personal Data to and from the Contentsquare solution in connection within the Contentsquare Services. Our customers remain responsible for any Users Personal Data transmissions between these integration tools and Contentsquare.
Our Contentsquare Digital Experience Alerts is enabled by Microsoft Bot Framework. The Microsoft Bot Framework is a set of web-services that enable intelligent services and connections using conversation channels you authorize. As a service provider, Microsoft will transmit content you provide to our bot/service in order to enable the service. For more information about Microsoft privacy policies please see their privacy statement here: http://go.microsoft.com/fwlink/?LinkId=521839. In addition, your interactions with this bot/service are also subject to the conversational channel’s applicable terms of use, privacy and data collection policies. To report abuse when using a bot that uses the Microsoft Bot Framework to Microsoft, please visit the Microsoft Bot Framework website at https://www.botframework.com and use the “Report Abuse” link in the menu to contact Microsoft.
Other third parties
We may disclose your Personal Data to third parties, including:
Partners for marketing, advertising, promotions, contests, events or other similar purposes;
A buyer, investor or other third party in the event that Contentsquare, or any portion, group thereof, undergoes a business transition, such as a merger or acquisition, or during steps in contemplation of such activities (e.g., negotiations and due diligence).
Government authorities or public authorities, courts, intergovernmental or supranational bodies for legal processes or protection of life and safety where we believe in good faith that access, use, preservation, or disclosure of the information is legally or reasonably necessary.
6. To where and how we transfer your Personal Data
Your Personal Data may be accessed, processed, and stored in other countries in which Contentsquare has operations, including countries outside of the European Economic Area (EEA).
Contentsquare has implemented safeguards to ensure an adequate level of data protection where your Personal Data is transferred to countries outside the EEA, such as:
the recipient country has an adequacy decision from the European Commission;
the European Commission’s Standard Contractual Clauses for the transfer of Personal Data;
Self certification to the Trans-Atlantic Data Privacy Framework.
To see in detail the countries where your Personal Data may be transferred, please click here.
Trans-Atlantic Data Privacy Framework Notice
Contentsquare’s entities which are based in the United States of America (Content Square, Inc. and Clicktale Inc.) (together “the US CS entities”) have self-certified with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (together, the “Data Privacy Framework”), where such participation is listed at this link, with respect to the Personal Data of individuals residing in the EU, United Kingdom, and Switzerland that the US CS entities process for the purposes identified above in this policy, including any such data processed on behalf of any of their affiliated companies of the Contentsquare group of companies.
The US CS entities commit to process Personal Data received from the EU, United Kingdom, and Switzerland in accordance with the Data Privacy Framework Principles, including the Supplemental Principles (collectively, the “Principles”) as set forth by the US Department of Commerce concerning the processing of Personal Data.
If there is any conflict between this User Privacy Policy and the Principles, the Principles shall govern. To learn more about the Data Privacy Framework, please visit this webpage.
Independent Dispute Resolution
To address inquiries or resolve complaints about our processing of personal data, residents of the EU, United Kingdom, or Switzerland should first contact Contentsquare via e-mail to privacy[at]contentsquare.com.
The US CS entities have further committed to refer unresolved privacy complaints under the Data Privacy Framework to the American Arbitration Association’s International Centre for Dispute Resolution (“ICDR-AAA”), a non-profit alternative dispute resolution provider located in the United States to assist with the complaint resolution process. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://go.adr.org/dpf_irm.html for more information and to file a complaint. The services of ICDR-AAA are provided at no cost to you.
Enforcement
The US CS entities are subject to the investigatory and enforcement powers of the Federal Trade Commission (the “FTC”) to ensure our compliance with the Data Privacy Framework as outlined in this User Privacy Policy.
Arbitration
You may be entitled, under certain conditions as described in the Principles, to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Lawful Access Requests
The US CS entities may be required to disclose Personal Data in response to lawful access requests from public authorities, or to comply with national security or law enforcement requirements. Any such disclosure is made in accordance with our Public Authorities Access Request Policy, available at this link.
Onward Transfers of Personal Data
The US CS entities remain responsible to you, as well as potentially liable to you under the conditions set forth in the Principles, for the processing of Personal Data received under the Data Privacy Framework and subsequently transferred to the third parties identified above.
7. How we secure your Personal Data
In order to protect your Personal Data held with us and our service providers, we use industry-standard physical, procedural and electronic security measures. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any Personal Data stored with us or with any third parties as described in Section 5 above.
More information about security at Contentsquare can be found here.
8. What are your privacy rights and how to exercise them?
You have rights for the Personal Data we process about you. You can choose to object to, restrict our use of your Personal Data, delete, change or correct your Personal Data, access your Personal Data by filling out our Data Subject Request Form.
Subject to applicable data protection laws, you have multiple privacy rights in respect of the Personal Data we process about you:
request confirmation that we are processing your Personal Data;
request a copy of Personal Data we hold about you;
request that we update Personal Data we hold about you or correct such data that is inaccurate or incomplete;
restrict the way in which we use your Personal Data (e.g., if we have no legal right to keep using it) or limit our use of your Personal Data (e.g., if your Personal Data is inaccurate or unlawfully held);
object to our processing of your Personal Data relating on grounds to your particular situation;
Object to our processing of your Personal Data for direct marketing purposes, at any time;
withdraw the consent that you have given us to process your Personal Data (where we process your Personal Data on the basis of your consent);
request that we delete the Personal Data we hold about you; and
lodge a complaint with the relevant data protection authority regarding our processing of your Personal Data.
If you want to exercise one or more of the rights mentioned above, you can submit your request using our Data Subject Request Form here. Please note that as part of your data subject request, we may require additional information and documents, including Personal Data, in order to authenticate and validate your identity and to process your request. Such additional data will be then retained by us for legal purposes (e.g. as proof of the identity of the person submitting the request), in accordance with Section 4 above.
9. Children’s Privacy
Our Services are not designed to attract children under the age of 16. If we learn that a person under the age of 16 is using our Services, we will prohibit and attempt to block such use and will make reasonable efforts to promptly delete any Personal Data stored with us with regard to such child. If you believe that we might have any such data, please contact us via our Data Subject Request Portal here.
10. US State Privacy Notices
If you are a resident of the United States of America, you may have additional privacy rights as promulgated by your local state legislature.
We have published a dedicated webpage to supplement this User Privacy Policy and detail relevant additional information to residents of those certain US states which have enacted their own comprehensive data protection laws and regulations.
You can visit our US State Privacy Notices webpage at this link.
11. How to contact us?
If you have any comments or questions about this User Privacy Policy or our handling privacy practices, please contact us at privacy@contentsquare.com. You can also contact our DPOs at:
Global DPO: Content Square SAS, Attn: Global DPO, 7 rue de Madrid 75008 Paris, France;
APAC DPO: Contentsquare Japan G.K., Attn: APAC DPO, Marunouchi Kitaguchi Building 9F Wework 1-6-5 Marunouchi Chiyoda-ku Tokyo 100-0005, Japan.
or via email using this link.
12. Updates and Amendments to this User Privacy Policy
We may update and amend this User Privacy Policy from time to time. The “Effective Date” at the top of this webpage mentions when this User Privacy Policy was last revised. Any changes will become effective when we post a revised version of this User Privacy Policy on our website (www.contentsquare.com). We encourage you to review this User Privacy Policy periodically to remain informed about how we are protecting your data.