Chartbeat Privacy Policy
Effective Date: August 9, 2024
This privacy policy (the “Privacy Policy”) describes how Chartbeat, Inc. (“Chartbeat”, “we”, “our” or “us”) collects and uses Personal Data (defined below) relating to: (i) Visitors of our websites (“Chartbeat Site Visitors”), including chartbeat.com (collectively, the “Site”); (ii) registered users of the Chartbeat service (“Customers”); and (iii) visitors to our Customers’ websites (“Customer Websites”) on which the Chartbeat service is implemented (“Customer Visitors”).
Certain sections of this Privacy Policy are only relevant if you are a Chartbeat Site Visitor; others are only relevant if you are a Customer, or a Customer Visitor. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information,” “personal information,” or “personal data” under applicable data privacy laws, rules, or regulations.
Chartbeat is a company with an address at 701 Tillery Street, Unit 12-1019, Austin, Texas 78702. We are the data controller of the Personal Data that we collect about Chartbeat Site Visitors and about our Customers. We are the data processor of the Personal Data that we collect about Customer Visitors.
If you have any questions or comments regarding this Privacy Policy or its enforcement, please contact us at [email protected]. Where appropriate, we may refer you to our Customer in respect of any queries relating to the Customer as the data controller.
You may print a copy of this Privacy Policy by clicking here.
This privacy policy describes the following important topics relating to your information:
- Application of this Privacy Policy
- Notification of Changes
- Sources of Information; What Information We Collect and How We Use It
- Our Legal Basis and Commercial Purposes for Use of Your Personal Data
- Disclosure of Information to Third Parties
- Your Rights
- Links to Third Party Websites
- Privacy Protection for Children
- Security
- Location and Storage of Personal Data
- HR Data
- Contact Us
You can find out more information in Section 6 about the various rights you have with respect to our use of your Personal Data.
1. APPLICATION OF THIS PRIVACY POLICY
Please read this Privacy Policy carefully – by visiting the Site or using the Chartbeat service (the “Service”), you confirm that you have read about and understand our use and processing of your Personal Data as set out in this Privacy Policy.
If you are a Customer using the Service, this Privacy Policy is a part of our Terms of Service. “Terms of Service” as used herein shall refer to our online terms of use as well as the terms of any master service agreement or other agreement governing use of the Service. Customers agree to be bound by the Terms of Service and to have read and understood this Privacy Policy. Capitalized terms used here and defined in the Terms of Service shall have the meanings set forth in the Terms of Service. Any order forms or additional agreements to which Customers agree governing the provision of optional Chartbeat features shall take precedence over the terms of this Privacy Policy to the extent of any differences, so please read such order forms or additional agreements carefully.
This Privacy Policy only addresses activities on our Site and Service. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.
2. NOTIFICATION OF CHANGES
We may make changes to this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we will notify the relevant website visitors and/or Customers via e-mail or otherwise in some manner through the Site or Service.
3. SOURCES OF INFORMATION; WHAT INFORMATION WE COLLECT AND HOW WE USE IT
We collect Personal Data about you from:
- You: when you provide such information directly to us, and when Personal Data about you is automatically collected in connection with your use of our Services.
- Third parties: when they provide us with Personal Data about you (“Third Parties”). Third Parties that share your Personal Data with us include:
- Service providers. For example, we may use analytics service providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.
- Social networks connected to the Services. If you provide your social network account credentials to us or otherwise sign in to the Services through a third party site or service, you understand some content and/or information in those accounts may be transmitted into your Account with us.
- Advertising partners. We receive information about you from some of our service providers who assist us with marketing or promotional services related to how you interact with our websites, applications, products, services, advertisements or communications.
We use the information we collect from Chartbeat Site Visitors, Chartbeat Customers, and Customer Visitors to create a secure and personalized service, according to the purposes described below.
- CHARTBEAT SITE VISITORS (WHICH INCLUDES CUSTOMERS WHO VISIT THE SITE)
Category of Personal Data | Personal Data Collected | What is the source of this Personal Data? |
---|---|---|
Personal identifiers Examples : Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number or other similar identifiers | Name, account name, email address, IP address, business postal address | You or your Chartbeat account’s administrator |
Payment data Examples : Financial account information, credit card number, payment card type, last 4 digits of payment card, billing information | Payment card type, last 4 digits of payment card, billing address, phone number, and email | You or your Chartbeat account’s administrator |
Internet or other similar network activity information Examples : Browsing history, search history, or information on a consumer’s interaction with a website, application or advertisement | Browsing history on our website or applications | You |
Geolocation data Examples : Physical location or movements | We collect approximate location data based on a user’s anonymized IP address | You |
Our primary purposes of collecting Personal Data of Chartbeat Site Visitors is to conduct analytics of website traffic and to provide information you request (e.g. newsletter subscriptions, responses to support tickets). For more information regarding our purposes of collecting and using this Personal Data, please see Section 4.
- CUSTOMERS (THOSE WHO USE THE CHARTBEAT PRODUCT)
For Customers specifically, we collect and store Personal Data that our Customers submit to Us, such as their names, job roles, e-mail addresses, and billing information, to allow us to identify Customers, provide the Service and notify Customers of changes or updates to the Service. All payment data is processed by our payment processors, PayPal, Inc. (“PayPal”) and Zuora, Inc. (“Zuora”). Please see PayPal’s user agreement and privacy statement and Zuora’s terms and conditions and privacy statement for information on each company’s use and storage of your Personal Data.
If a Customer elects to provide it, we also collect and store the Customer’s phone number, which we use to assist us in providing the Service, including to contact them in account recovery and other scenarios.
We also collect other information from Customers, such as IP address and browser type. We use the IP addresses of Customers to assist in login and other uses related to Customers’ use of the Service. Customers’ sessions on our Site are also tracked for systems administration purposes and to track user trends. We may link IP address and other information to a Customer’s account.
We also collect Customers’ user ID and password information to enable them to log into and use the Service.
Finally, Customers may start receiving marketing emails from us when they register for the Service. We believe it is of our common interest for the Customer to know more about our services and products. Customers can opt-out of marketing emails by utilizing the unsubscribe links provided therein, but we may still need to send Customers e-mails relating to their accounts (e.g. support requests response, security warnings, updates to our Terms and Conditions), as strictly needed, so we can continue to provide our Services in accordance with our obligations to you. - CUSTOMER VISITORS (INDIVIDUALS WHO VISIT PUBLISHERS’ WEBSITES)
For Customer Visitors, when a Customer Visitor visits a Customer Website, we collect certain information regarding their use of the Customer Website, such as their IP address and browser type on behalf of our Customer. Their session on the Customer Website will be tracked. We may use their IP address to identify the general geographic area from which they are accessing the Customer Website. We remove the last octet of the IP address and therefore do not store IP addresses or link IP addresses to any Personal Data. We also use this information for systems administration purposes, abuse prevention and to track user trends in connection with our provision of the Service.
As part of the Service, we collect information relating to traffic on the Customer Websites (“Traffic Data”) on which Customers choose to activate the Service. In connection with the collection of this Traffic Data, Chartbeat does not collect any Personal Data from Customer Visitors, (i) so long as the Customer configures the Chartbeat code on the Customer Website in accordance with the instructions and documentation provided by Us, so that URLs containing Personal Data of Customer Visitors are not captured by the Service, and (ii) provided that we do collect IP addresses from Customer Visitors in order to show geolocation information but we remove the last octet of the IP address and therefore do not store IP addresses in a manner that would permit direct personal identification.
Traffic Data is used to provide Customers with real-time analytics and uptime monitoring. We may aggregate and anonymize Traffic Data with that from other sites to provide benchmarking data and other functionality, but we will not use or disclose aggregated Traffic Data in a manner that reveals the identity of a Customer or Customer Website without the Customer’s express prior consent.
We also collect first party cookie IDs on behalf of Customers. Chartbeat code, by default, sets and reads a cookie on the Customer’s website domain containing a randomly-generated user ID for purposes of determining unique visitor counts and visitors’ loyalty to a site. Such information can be classified as Personal Data under the European General Data Protection Regulation and any other applicable data protections legislations which Chartbeat may be subject to, including the Brazilian General Data Protection Law (Federal Law n. 13,709/2018) (together, “Data Protection Laws”), but it is not stored in a manner that would permit personal identification.
We also collect and use browser header information to help us understand from which websites a Customer Visitor navigates to a Customer Website.
Our online Terms of Service provide that Customers are required to: (a) make appropriate disclosures using the Customer’s privacy policy or via statements on the Customer’s website(s); and (b) obtain all Customer Visitors’ consent to the use of cookies, if applicable and when required by Data Protection Laws. Further, our Customers are solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to us by or on behalf of the Customer and (ii) the means by which the Customer acquired any such Personal Data. Chartbeat is not and shall not be liable for any collection or use of Personal Data of Customer Visitors due to a Customer’s placement of the Chartbeat code on the Customer Website not in accordance with Chartbeat’s instructions or documentation. - COOKIES
Like many other websites, we use a standard technology called “cookies.” Cookies are small pieces of information stored on your hard drive. They can help make the Internet experience quicker, more convenient and more customized to you. Below is a brief description of the cookies with respect to our Site Visitors, Customers, and Customer Visitors.
OUR SITE VISITORS | As set forth above, we may use cookies on our Site in connection with third party services to provide certain functionalities, run analytics on our Site and, with respect to Chartbeat Site Visitors only, for the purposes of cross-contextual behavioral advertising. |
CUSTOMERS | Cookies allow Customers to login without entering their user ID and password each time they use the Service. |
CUSTOMERS’ WEBSITES | We also use cookies on each Customer Website, in order to provide Services to that particular Customer. These cookies help our Customers understand how Customer Visitors interact with their websites. If a Customer does not allow the placement of Chartbeat cookies on its Customer Website, the “new vs. returning user” data point in its Chartbeat dashboard will not be accurately reported. If you are Customer and choose to remove Chartbeat cookies, please refer to the documentation for your browser. You can view a full list of our Customer Website cookies here. |
Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. With respect to cookies on our Site, you can also explore what cookie settings are available to you or modify your preferences with respect to cookies via cookie management settings by clicking “Your Privacy Settings” in the footer of the Site or by implementing the Global Privacy Control. If a Customer disables cookies, it will not be able to use the data tracking capabilities of the Service.
4. OUR LEGAL BASIS AND COMMERCIAL PURPOSES FOR USE OF YOUR PERSONAL DATA
We consider that the legal bases for using your Personal Data as set out in this Privacy Policy are as follows:
- CHARTBEAT SITE VISITORS
Our use of your Personal Data is necessary:- To perform our obligations in connection with the Terms of Use which Customers accept by using the Service; or
- For our legitimate interests or business purposes (for example, to ensure the security of our Site). Our legitimate interests and business purposes are to: (i) run, grow and develop our business; (ii) operate our Site; (iii) analyze the use of our Site and make improvements; (iv) identify Chartbeat Site Visitors and administer the Service; (v) make product decisions; (vi) notify Chartbeat Site Visitors of changes or updates to the Site; (vii) for systems administration purposes; and (viii) to track Chartbeat Site Visitor trends.
- CUSTOMERS
Our use of your Personal Data is necessary:- To perform our obligations in connection with the Terms of Use which you accept by using the Service and/or to comply with our contract to provide Services to you or (if you are an employee of a Customer) your employer; or
- For our legitimate interests or the legitimate interests of others (for example to ensure the security of our Site). Our legitimate interest are to: (i) run, grow and develop our business; (ii) operate our Site; (iii) allow us to identify Customers; (iv) provide the Service; (v) notify Customers of changes or updates to the Service; (vi) contact you in account recovery and other scenarios; (viii) assist in login and other uses related to Customers’ use of the Service; (ix) perform systems administration activities; (x) track visitor trends; (xi) enable you to log into and use the Service; (xii) send marketing emails; (xiii) send account related emails.If we rely on your consent for us to use your Personal Data in a particular way, but you later change your mind, you may withdraw your consent by contacting us at [email protected] and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide our Service.
- CUSTOMER WEBSITE VISITORS
We are processors of information about Customer Visitors on behalf of our Customers to provide our Services in accordance with our Customer agreements. Accordingly, if you are a Customer Visitor, you should check the privacy policy of the website that you are visiting and that is being operated by our Customer. Section 3 above describes how we process information on behalf of our Customers.
5. DISCLOSURE OF INFORMATION TO THIRD PARTIES
We may disclose your Personal Data as described in this section, or with your express consent.
- TRAFFIC DATA
For Customers and Customer Visitors, we may aggregate and anonymize Traffic Data with that from Our other Customers to provide benchmarking data and other functionality, but we will not disclose aggregated Traffic Data in a manner that reveals the identity of a Customer or a Customer Website without the Customer’s express prior consent. We may share Traffic Data of our Chartbeat Site Visitors with third parties that help us provide certain functionalities, conduct analysis, or assist in the marketing of our Services across third party platforms, usually via cookies placed on our Site. You may exercise your right to opt-out of certain cookies by accessing “Your Privacy Settings” in the footer of the Site. - AGENTS, VENDORS AND SERVICE PROVIDERS
For all types of Personal Data (from Chartbeat Site Visitors, Customers and Customer Visitors ), we employ other companies and people to perform tasks on our behalf and may need to share Personal Data with them to provide our products and services (“Service Providers”). Examples include billing, technical assistance, marketing, and customer service. We will only disclose Personal Data to Service Providers that is necessary in order for them to provide us services. - AFFILIATES AND BUSINESS TRANSFERS
Chartbeat may transfer the Personal Data that we collect to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control or ownership of our business or assets (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices. We may also share Personal Data with our affiliates. - DATA THAT IS NOT PERSONAL DATA
Chartbeat may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you. - PUBLIC AUTHORITIES AND COMPLIANCE WITH LAW
Chartbeat may be required to disclose Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, prevent illegal activity, or comply with any legal obligation. - ENFORCE OUR TERMS OF USE AND AGREEMENTS
We may disclose your Personal Data to third parties in order to enforce or apply our Terms of Service, or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity. - PROTECT RIGHTS AND PROPERTY
We may disclose your Personal Data to protect the rights, property, or safety of Chartbeat, our staff, our Customers or other persons. This may include exchanging Personal Data with other organizations for the purposes of fraud protection. - VOLUNTARY PUBLIC DISCLOSURE OF PERSONAL DATA
Please be aware that whenever one voluntarily discloses Personal Data online – e.g., on message boards, in chat areas, in file uploads, through events, etc. – that information becomes public and can be collected and used by others and indexed in search engines. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly disclosed Personal Data. By posting Personal Data online in public forums, users may receive unsolicited messages from other parties.
If you log on to our Site or Service through a social networking site (e.g., Facebook or Twitter), we may receive personal or anonymous data about you from that site, in accordance with the terms of use and privacy policy of that site. We may add this information to the information we have already collected from you via the Site or Service.
6. YOUR RIGHTS
If you are a Chartbeat Site Visitor, you may exercise your rights with us in accordance with this section. Please note that your rights may be subject to additional requirements, conditions, or exceptions in accordance with applicable law.
If you have any questions about your rights, please reach out to [email protected].
A. OPTING OUT OF MARKETING COMMUNICATIONS
You may receiving marketing communications from us, for instance, when you register for the Service. If you would like to opt-out of such communications, you may unsubscribe in the link provided in any email communication.
B. EUROPEAN UNION, UNITED KINGDOM, AND SWISS RESIDENT RIGHTS
If you are a European Union (“EU”), United Kingdom (“UK”), or Swiss resident, you have certain rights pursuant to applicable law, such as the General Data Protection Regulation. If you are a Customer Visitor, we act as a processor of your Personal Data; you may have to contact Customers directly to exercise your rights.Please note that the rights described below may be subject to additional limitations or exceptions, under applicable law.
- RIGHT OF ACCESS
You have a right of access to any Personal Data we hold about you. Depending on the jurisdiction under which the processing of Your Personal Data takes place, this may include the right to obtain additional information about how your data is processed, with whom it was shared, what would happen if you withdrew your consent, among other information, assured by Data Protection Laws. You can ask us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for a copy of your Personal Data; confirmation as to whether your Personal Data is being used by Us; and details about how and why it is being used.Please note that we do not retain IP addresses, browser information or header information relating to Customer Visitors for more than a temporary period of time in order to provide the Service, and as such, that information cannot be accessed. - RIGHT TO UPDATE YOUR INFORMATION
You have a right to request an update to any of your Personal Data which is out of date or incorrect.Please note that we do not retain IP addresses, browser information or header information relating to Customer Visitors for more than a temporary period of time in order to provide the Service, and as such, that information cannot be modified. - RIGHT TO DELETE YOUR INFORMATION
You have a right to ask us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) to delete any Personal Data which is being held about you in certain specific circumstances. ou can ask us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for further information on these specific circumstances. When applicable, contact us at [email protected].
We will pass your request onto other recipients of your Personal Data unless that is impossible or involves disproportionate effort. You can ask us who the recipients are, by contacting us at [email protected].
Please note that we do not retain IP addresses, browser information or header information relating to Customer Visitors for more than a temporary period of time in order to provide the Service, and as such, that information cannot be deleted. - RIGHT TO RESTRICT USE OF YOUR INFORMATION OR OBJECT TO PROCESSING
You have a right to ask us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) to restrict the way that we process your Personal Data in certain specific circumstances. You can ask us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for further information on these specific circumstances. Contact us at [email protected].We will pass your request onto other recipients of your Personal Data unless that is impossible or involves disproportionate effort. You can ask us who the recipients are by contacting us at [email protected]. - RIGHT OF DATA PORTABILITY
You have a right to ask us to provide your Personal Data to a third party provider of services. This right only applies where we use your Personal Data on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means. - DATA PRIVACY FRAMEWORK
Chartbeat and its subsidiary Tubular Labs, Inc. (“Tubular”) comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, the “DPF”) as set forth by the U.S. Department of Commerce. Chartbeat and Tubular have certified to the U.S. Department of Commerce thatwethey adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) and applicable principles under the UK-U.S. DPF (“UK-U.S. DPF Principles”) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK-U.S. DPF. Chartbeat and Tubular have certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF (with the EU-U.S DPF Principles and the UK-U.S. DPF Principles, collectively, the “DPF Principles”). If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The Federal Trade Commission has jurisdiction over Chartbeat’s compliance with the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF. This Privacy Policy describes the types of Personal Data we collect, the purposes for which we collect and use your Personal Data, and the purposes for which we disclose your Personal Data to certain types of third parties in the sections above. Pursuant to the DPF, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain Personal Data relating to you in the U.S. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the U.S. under DPF, should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe. This Privacy Policy has additional information about the rights afforded to you.
We will provide you with the choice to opt-out from the sharing of your Personal Data, with any third parties (other than our agents or those that act on our behalf or under our instruction), or before we use it for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized.
In addition to any other disclosures described in this Privacy Policy, in certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Chartbeat’s accountability for Personal Data that we receive in the U.S. under the DPF and subsequently transfer to a third party acting as an agent on our behalf is described in the DPF Principles. In particular, we remain liable under the DPF Principles if our agents process Personal Data in a manner inconsistent with the DPF Principles, unless Chartbeat proves that we are not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF, Chartbeat commits to DPF Principles-related complaints about our collection and use of your Personal Data. European Union, United Kingdom, or Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF should first contact Chartbeat at [email protected].
Chartbeat has further committed to refer unresolved privacy complaints under the DPF Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For more information, see Annex 1 of the DPF Principles, located at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2 . - STANDARD CONTRACTUAL CLAUSES
In accordance with our Data Processing Addendum, which is incorporated into our terms of service, we may also utilize the standard contractual clauses for authorizing transfers of EU or UK Personal Data to the US.
C. CALIFORNIA RESIDENT RIGHTS
If you are a Chartbeat Site Visitor and a California resident, you have certain rights pursuant to applicable law, such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), which may be subject to certain exceptions and limitations. Please see the “Exercising Your U.S. Privacy Rights” section below for instructions regarding how to exercise these rights. If there are any conflicts between this section and any other provision of this Privacy Policy and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request. If you have any questions about this section or whether any of the following applies to you, please contact us at [email protected].For purposes of exercising your rights below, please note the following regarding how we collect and use your Personal Data as described in this Privacy Policy:
- ACCESS
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. We will provide you with the following information as a Chartbeat Site Visitor:- The categories of Personal Data that we have collected about you.The categories of sources from which that Personal Data was collected.The business or commercial purpose for collecting your Personal Data.The categories of third parties with whom we have shared your Personal Data.The specific pieces of Personal Data that we have collected about you.
If we have disclosed your Personal Data for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third party recipient. - DELETION
You have the right to request that we delete the Personal Data that we have collected from you as a Chartbeat Site Visitor. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request. - CORRECTION
You have the right to request that we correct any inaccurate Personal Data we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, if we decide, based on the totality of circumstances related to your Personal Data, that such data is correct. If your correction request is subject to one of these exceptions, we may deny your request. - SELLING/SHARING IF YOU ARE NOT A CHARTBEAT SITE VISITOR
We do not “sell” or “share” your Personal Data, except to the extent you are a Chartbeat Site Visitor. - SELLING/SHARING OPT-IN AND OPT-OUT FOR CHARTBEAT SITE VISITORS
Under the CCPA, the disclosure of Personal Data for the purposes of cross-contextual behavioral advertising may constitute a “sell” and/or “share,” which you have the right to opt-out of. We may “sell” or “share” the Personal Data of Chartbeat Site Visitors through the use of certain cookies placed on our Site. Please note that we do not “sell” or “share” Personal Data of Customers or Customer Visitors.As described in the “Cookies” section above, we have incorporated cookies from certain third parties into our Site. These cookies allow those third parties to receive information about your activity on our Site that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Site or on other websites you visit. Under the CCPA, this may constitute a “sell” or “share.”We may sell or share your Personal Data as a Chartbeat Site Visitor only to or with the following categories of third parties:- Ad networks Marketing providers
Over the past 12 months, we may have sold or shared the following categories of your Personal Data, solely to the extent you are a Chartbeat Site Visitor and only to categories of third parties listed above:- Personal identifiersInternet or other similar network activity informationGeolocation data
We may have sold or shared the foregoing categories of Personal Data, solely to the extent you are a Chartbeat Site Visitor, for the following business or commercial purposes:- Improving the Services, including testing, research, internal analytics and product developmentMarketing and selling the ServicesShowing you advertisements, including interest-based, online behavioral or targeted advertising
You can opt-out using the methods described under the “Exercising your U.S. Privacy Rights” section below. To our knowledge, we do not sell or share the Personal Data of minors under 16 years of age. - WE WILL NOT DISCRIMINATE AGAINST YOU FOR EXERCISING YOUR RIGHTS UNDER THE CCPA
We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may have different tiers of Services as allowed by applicable data protection laws (including the CCPA) with varying prices, rates, or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
D. VIRGINIA RESIDENT RIGHTS
If you are a Chartbeat Site Visitor and a Virginia resident, you have certain rights pursuant to applicable data protection laws, such as the Virginia Consumer Data Protection Act (“VCDPA”) which may be subject to certain exceptions and limitations. Please see the “Exercising Your U.S. Privacy Rights” section below for instructions regarding how to exercise these rights. If there are any conflicts between this section and any other provision of this Privacy Policy and you are a Virginia resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.If you have any questions about this section or whether any of the following applies to you, please contact us at [email protected].
For purposes of exercising your rights below, please note the following regarding how we collect and use your Personal Data as described in this Privacy Policy:
- ACCESS
You have the right to (1) request confirmation of whether or not we are processing your Personal Data and (2) access your Personal Data. - CORRECTION
You have the right to correct inaccuracies in your Personal Data, to the extent such correction is appropriate in consideration of the nature of such data and our purposes of processing your Personal Data. - PORTABILITY
You have the right to request a copy of your Personal Data in a machine-readable format, to the extent technically feasible. - DELETION
You have the right to delete your Personal Data. - OPT-OUT OF CERTAIN PROCESSING ACTIVITIES
You have the right to opt-out of the processing of your Personal Data for targeted advertising purposes. We do not process your Personal Data for targeted advertising purposes, except to the extent you are a Chartbeat Site Visitor. To the extent we collect your data as a Chartbeat Site Visitor, we may process your Personal Data for targeted advertising purposes. You can opt-out using the methods described under the “Exercising Your U.S. Privacy Rights” section below.You have the right to opt-out to the sale of your Personal Data. We do not currently sell your Personal Data as defined under the VCDPA.You have the right to opt-out from the processing your Personal Data for the purposes of profiling in furtherance of decisions that produce legal or similarly significant effects to you; however, we do not conduct such activities. - APPEALING A DENIAL
If we refuse to take action on a request within a reasonable period of time after receiving your request in accordance with this section, you may appeal our decision. In such appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original request pertains and to identify the original request, and (2) provide a description of the basis of your appeal. Please note that your appeal will be subject to your rights and obligations afforded to you under the VCDPA. We will respond to your appeal within 60 days of receiving your request. If we deny your appeal, you have the right to contact the Virginia Attorney General using the methods described at https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint.
You may appeal a decision by emailing us at [email protected] (title must include “VCDPA Appeal”).
E. COLORADO RESIDENTS
If you are a Chartbeat Site Visitor and a Colorado resident, you have certain rights pursuant to applicable data protection laws, such as the Colorado Privacy Act (“CPA”) which may be subject to certain exceptions and limitations. Please see the “Exercising Your U.S. Privacy Rights” section below for instructions regarding how to exercise these rights. If there are any conflicts between this section and any other provision of this Privacy Policy and you are a Colorado resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.If you have any questions about this section or whether any of the following applies to you, please contact us at [email protected].
For purposes of exercising your rights below, please note the following regarding how we collect and use your Personal Data as described in this Privacy Policy:
- ACCESS
You have the right to (1) request confirmation of whether or not we are processing your Personal Data and (2) access your Personal Data. - CORRECTION
You have the right to correct inaccuracies in your Personal Data, to the extent such correction is appropriate in consideration of the nature of such data and our purposes of processing your Personal Data. - DELETION
You have the right to delete your Personal Data. - PORTABILITY
You have the right to request a copy of your Personal Data in a machine-readable format, to the extent technically feasible, twice within a calendar year. - SELLING/TARGETED ADVERTISING IF YOU ARE NOT A CHARTBEAT SITE VISITOR
We do not sell your Personal Data and do not process your Personal Data for targeted advertising purposes, except to the extent you are a Chartbeat Site Visitor. - SELLING/TARGETED ADVERTISING OPT-IN AND OPT-OUT FOR CHARTBEAT SITE VISITORS
In this section, we use the term ‘sell’ as it is defined in the CPA. We sell and process for the purposes of targeted advertising your Personal Data as a Chartbeat Site Visitor only, subject to your right to opt-out of these sales.As described in the “Cookies” section, we have incorporated cookies from certain third parties into our Site. These cookies allow those third parties to receive information about your activity on our Site that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Site or on other websites you visit. Under the CPA, sharing your data through third party cookies for online advertising may be considered a “sale” of information.We may sell and process for the purposes of targeted advertising your Personal Data, solely to the extent you are a Chartbeat Site Visitor, to the following categories of third parties:- Ad networks
- Marketing providers
We may sell and process for the purposes of targeted advertising the following categories of your Personal Data, solely to the extent you are a Chartbeat Site Visitor and only to the categories of third parties listed above:- Personal identifiersInternet or other similar network activity information
Geolocation dataWe may have sold the foregoing categories of Personal Data, solely to the extent you are a Chartbeat Site Visitor, for the following business or commercial purposes:- Improving the Services, including testing, research, internal analytics and product developmentMarketing and selling the ServicesShowing you advertisements, including interest-based or online behavioral advertising
You can opt-out of processing for targeted advertising (and selling) purposes using the methods described under the “Exercising Your U.S. Privacy Rights” section below. - APPEALING A DENIAL
If we refuse to take action on a request within a reasonable period of time after receiving your request in accordance with this section, you may appeal our decision. In such appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original request pertains and to identify the original request, and (2) provide a description of the basis of your appeal. Please note that your appeal will be subject to your rights and obligations afforded to you under the CPA. We will respond to your appeal within 45 days of receiving your request. If we deny your appeal, you have the right to contact the Colorado Attorney General.You may appeal a decision by emailing us at [email protected] (title must include “CPA Appeal”).
F. CONNECTICUT RESIDENTS
If you are a Chartbeat Site Visitor and a Connecticut resident, you have certain rights pursuant to applicable data protection laws, such as the Connecticut Data Privacy Act (“CTDPA”) which may be subject to certain exceptions and limitations. Please see the “Exercising Your U.S. Privacy Rights” section below for instructions regarding how to exercise these rights. If there are any conflicts between this section and any other provision of this Privacy Policy and you are a Connecticut resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.If you have any questions about this section or whether any of the following applies to you, please contact us at [email protected].For purposes of exercising your rights below, please note the following regarding how we collect and use your Personal Data as described in this Privacy Policy:
- ACCESS
You have the right to (1) request confirmation of whether or not we are processing your Personal Data and (2) access your Personal Data. - CORRECTIONY
ou have the right to correct inaccuracies in your Personal Data, to the extent such correction is appropriate in consideration of the nature of such data and our purposes of processing your Personal Data. - DELETION
You have the right to delete your Personal Data. - PORTABILITY
You have the right to request a copy of your Personal Data that is processed automatically in a machine-readable format, to the extent technically feasible. - SELLING/TARGETED ADVERTISING IF YOU ARE NOT A CHARTBEAT SITE VISITOR
We do not sell your Personal Data and do not process your Personal Data for targeted advertising purposes, except to the extent you are a Chartbeat Site Visitor. - SELLING/TARGETED ADVERTISING OPT-IN AND OPT-OUT FOR CHARTBEAT SITE VISITORS
You have the right to opt-out of the sale of your Personal Data and processing of your Personal Data for targeted advertising purposes. In this section, we use the term ‘sell’ as it is defined in the CTDPA. We may sell and process for the purposes of targeted advertising your Personal Data as a Chartbeat Site Visitor only, subject to your right to opt-out of these sales.As described in the “Cookies” section, we have incorporated cookies from certain third parties into our Site. These cookies allow those third parties to receive information about your activity on our Site that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Site or on other websites you visit. Under the CTDPA, sharing your data through third party cookies for online advertising may be considered a “sale” of information.You have the right to opt-out of the sale or processing for the purposes of targeted advertising of your Personal Data. You can opt-out using the methods described under “Exercising Your U.S. Privacy Rights” section below. - APPEALING A DENIAL
If we refuse to take action on a request within a reasonable period of time after receiving your request in accordance with this section, you may appeal our decision. In such appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original request pertains and to identify the original request, and (2) provide a description of the basis of your appeal. Please note that your appeal will be subject to your rights and obligations afforded to you under the CTDPA. We will respond to your appeal within 45 days of receiving your request. If we deny your appeal, you have the right to contact the Connecticut Attorney General.You may appeal a decision by emailing us at [email protected] (title must include “CTDPA Appeal”).
G. NEVADA RESIDENTS
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell your Personal Data. Please note that we do not currently sell your Personal Data (as sales are defined in Nevada Revised Statutes Chapter 603A).
H. EXERCISING YOUR U.S. PRIVACY RIGHTS
To exercise the rights described in this Privacy Policy, you, or if you are a California, Colorado or Connecticut resident, your Authorized Agent (defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify you and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request to opt-out from our processing of your Personal Data for the purposes of targeted advertising (or cross-contextual behavioral advertising), which may constitute a sale and/or share depending on your state of residence, by the following methods:
- By accessing your cookie management settings by clicking “Your Privacy Settings” in the footer of the Site.
- By implementing the Global Privacy Control or similar universal privacy control that is legally recognized by a government agency or industry standard and that complies with applicable law. The signal issued by the control must be initiated by your browser and applies to the specific device and browser you use at the time you cast the signal. Please note this does not include Do Not Track signals.
For all other applicable U.S. rights, you may submit a Valid Request using the following methods:
- Mailing us at: 701 Tillery Street, Unit 12-1019, Austin, Texas 78702
- Emailing us at: [email protected]
If you are a California, Colorado or Connecticut resident, you may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
7. LINKS TO THIRD PARTY WEBSITES
Our Site may contain links to third party websites. Please be aware that we are not responsible for the privacy practices of third party websites you choose to visit. If you provide any Personal Data directly to parties other than Us, different rules may apply to the use or disclosure of that Personal Data. We encourage you to investigate and ask questions before disclosing your Personal Data to third parties.
8. PRIVACY PROTECTION FOR CHILDREN
In compliance with the Children’s Online Privacy Protection Act (COPPA), applicable European data privacy laws, and other Data Protection Laws, we do not knowingly provide access to the Service to persons under the age of eighteen (18). If we learn that any user of the Service is under the age of eighteen (18), we will take appropriate steps to remove that user’s information from our records and we will restrict that individual from future access to the Service. Please contact us at [email protected] if you are aware that we may have inadvertently collected Personal Data from a child.
9. SECURITY
We have implemented security measures to protect information from loss, misuse and alteration. We use industry-standard practices such as encrypted storage, firewalls and password protection systems to safeguard the confidentiality of Personal Data which is collected and used in accordance with this Privacy Policy. Each of our employees and agents are aware of our security policies; Personal Data is only available to those employees and agents who need it to perform their jobs.
10. LOCATION AND STORAGE OF PERSONAL DATA
We host and operate our Services predominantly in the United States. If you are an individual in the EU, UK, or Switzerland, please see the “European Union, United Kingdom, and Swiss Resident Rights” section for information about data transfers to the U.S.
We keep your Personal Data for no longer than necessary for the purposes for which the Personal Data is processed. The length of time for which we retain Personal Data depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
Except as required by applicable laws or in order to defend any actual or possible legal claims, we will take reasonable steps to return or irretrievably delete all Personal Data processed on behalf of our Customers when it is no longer required to exercise or perform our rights or obligations under our Terms of Service (provided that we may retain Customer’s employee/users’ Personal Data to provide future notices to Customer and respond to future Customer or legal inquiries).
11. HR Data
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Chartbeat, Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
12. CONTACT US
If you have any questions or complaints about how we use your Personal Data, or if you would like to request access to your information in accordance with this Privacy Policy, please contact Chartbeat at [email protected], or Chartbeat, Inc. at 701 Tillery Street, Unit 12-1019, Austin, Texas 78702.
Individuals and the data protection supervisory authorities in the EU/EEA and individuals and the data protection supervisory authority (“ICO”) in the UK may also contact our data protection representatives according to Article 27 GDPR:
EU: DP-Dock GmbH, Attn.: Chartbeat, Ballindamm 39, 20095 Hamburg, Germany
UK: DP Data Protection Services UK Ltd., Attn.: Chartbeat, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
www.dp-dock.com
[email protected]
You may also make a complaint to the UK Information Commissioner’s Office or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.