CONTENTSQUARE DECLARATION ON PRIVACY
At Content Square we have a privacy-first philosophy that informs everything we do. We are continuously building our digital trust with our customers and their users, based on a strong data ethics approach.
We believe our commitment to our customers and their users extends beyond just providing best-in-class tools to measure and improve their user experiences; it also means taking a proactive approach to ensuring the privacy of their user data.
At Content Square, we invest significant efforts in ensuring that our products and practices comply with data protection and privacy laws that apply to us and our customers, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA).
While Content Square does not encourage its customers to use the Content Square service to collect personal identifiable information (e.g. names, emails, phone numbers, addresses and similar identifiable information) or any sensitive information (e.g. credit cards, health information etc.), certain data it receives may be deemed under various privacy regulations as Personal Data (e.g. IP address or other anonymous identifiers such as those within cookies).
As such, Content Square provides various capabilities to enable its customers – deemed the data controller or a business under the applicable regulations – to be compliant with such regulations. In addition, Content Square takes its own measures to ensure its own compliance as a data processor and business. For example, Content Square provides its clients with the following capabilities and options to help customers comply with the requirements of the relevant regulations:
- the ability to block the collection and transfer of any information inserted by a visitor of the website or mobile app, including any personally identifiable or sensitive information;
- the ability to block personally identifiable or sensitive information contained within a webpage or app screen (for example data within the HTML or prefilled data);
- deletion of IP addresses after processing;
- Providing our customers with the ability to allow website visitors to opt out from being tracked;
- customer control over data storage location (EU/US);
- executing appropriate data transfer agreements based on model clauses;
- storing data within a secure environment, managed through procedures and policies that meet ISO 27001 standards;
- supporting audits as required under the regulations;
- supporting incident response and notification requirements;
- supporting any consent requirements of the website and app;
- supporting requests for deletion of data as well as requests by visitors inquiring about any Personal Data held by Content Square;
- retention of Personal Data only for such periods required to provide the service;
- processing Personal Data to provide the services as instructed by the customer and per the terms of an agreement between Content Square and the customer;
- ensuring portability by enabling the export of Personal Data upon request.
In addition to the above Content Square also takes measures for it to comply with any obligations under the applicable regulations. This includes, but is not limited to:
- maintaining appropriate records in respect of its Personal Data processing activities;
- cooperation, upon request, with data protection regulatory bodies, including in respect of any audits;
- executing appropriate agreements with customers, including, if necessary, data transfer agreements and covering issues such as subprocessors and processing instructions;
- processing Personal Data only for the duration necessary for provision of Services;
- not selling, renting, or leasing Personal Data to any third party or using it for any purpose other than as agreed with the data controller;
- implementation of policies and procedures for notifying customers promptly upon becoming aware of a breach of Personal Data;
- a security program that meets ISO 27001 standards.
- implementation of policies and procedures to ensure the organization is able to assess and respond to risks appropriately, as well as to make security and privacy part of its design.
Content Square continues to assess the requirements under the GDPR, CCPA and any other privacy regulation that applies follows any developments in the industry with respect to such regulations and will respond accordingly to ensure it provides the necessary solutions to maintain compliance with such regulations.
With that said, it is important to remember that despite the countless measures taken by Content Square, Content Square is a service provider and data processor and does not face the data subjects themselves. Therefore, it is solely up to Content Square’s customers as data controllers and businesses to comply with any requirements of the GDPR, CCPA or other applicable regulations, relating to them, including any consent or notice requirements in connection with their use of the Content Square solution.
Content Square is happy to work with its customers to help ensure they are able to comply with the obligations under the GDPR, CCPA or any other privacy regulation applicable to them.
If you have any further questions concerning this Privacy Declaration or any other Content Square’s privacy practices, please feel free to contact Content Square’s Data Privacy Team, at privacy@contentsquare.com.