New Research: What’s Really Happening with Search, Dark Social, and AI
Get the Report
Sign In
Get a Demo

Chartbeat Privacy Policy

Effective Date: January 1, 2025

This Privacy Notice (this “Notice”) describes how Chartbeat, Inc. and its affiliates (collectively, “Chartbeat,” “we,” “us,” or “our”) process personal data for which Chartbeat acts as a “controller” under applicable privacy laws. We also describe how we process personal data for which we act as a “processor” under applicable privacy laws in “Personal Data We Process as a Processor” only. 

This Notice addresses processing activities only in connection with the Services, whether as controller or processor. This Notice does not cover the practices of other companies or people. When we are operating as a controller, references to “Services” means our owned-and-operated websites (“Sites”) and the customer-facing portions of our services (e.g., dashboards and logged-in areas for customer personnel). When we are operating as a processor, references to “Services” means the services we provide on behalf of customers on their own properties or otherwise on their behalf (e.g., analytics tracking, CRM functionality, video analytics).

If you are a Chartbeat customer, your access to, or use of, any Services is subject to the agreements we have with you. 

If you have any questions or comments regarding this Notice, please contact us at privacy@chartbeat.com. Where appropriate, we may refer you to our customer in respect of any queries where we serve as that customer’s processor.

You can print a copy of this Notice by clicking here.

Privacy Policy Table of Contents:

  1. Notification of Changes
  2. Sources of Information
  3. Personal Data
    1. What Personal Data We Collect and How We Use It
    2. Personal Data We Process as a Data Processor
    3. Cookies
  4. Our Legal Bases and Commercial or Business Purposes for Collecting Personal Data
  5. Disclosure of Information to Third Parties
  6. Your Rights
    1. European Union, United Kingdom, and Swiss Residents
    2. U.S. Residents
  7. Links to Third Party Websites
  8. Privacy Protection for Children
  9. Security and Retention
  10. HR Data
  11. Contact Us
1. NOTIFICATION OF CHANGES

We may make changes to this Notice from time to time. We will notify you of any material changes to this Notice by placing a notice on our website or other aspect of the Services, sending you an email, or by other reasonable means, as required under applicable law.

2. SOURCES OF INFORMATION

We may collect Personal Data about you from:

  • You: When you provide such information directly to us and when personal data about you is automatically collected in connection with your use of the Services.
  • Third parties: We may receive your data through use of third parties, such as:
    • Service Providers. We may use service providers for various business operations, such as analytics service providers, to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support (e.g., chatbots, LLMs, search functionality).
    • Social networks connected to the Services. If you provide your social network account credentials to us or otherwise sign in to the Services through a third-party site or service, you understand some content or information in those accounts may be transmitted into your Account with us (e.g., your video analytics, profile data, user-generated content).
    • Advertising partners. We may receive personal data about you from some of our service providers who assist us with marketing/promotional and related measurement services related to our websites, applications, products, services, advertisements, or communications, such as data about how effectiveness our ad campaigns were at driving traffic or conversions and how to “retarget” visitors (or those who may be similar to such visitors).
    • Public Sources. We may obtain personal data about you from public sources, such as public user-generated content on social media platforms or other data.
    • Our affiliates. We may receive personal data about you from our affiliates.
3. PERSONAL DATA
  1. What Personal Data We Collect and How We Use It

The following tables describe the kinds of personal data we may collect about you and our business or commercial purposes for collecting such information as a controller. One or more tables may apply to you depending on your relationship with us.

We may collect, or may have collected over the past 12 months, the following categories of personal data about you if you visit our Sites, sign up for our marketing materials, or otherwise engage with us as a Site visitor or a customer.

Category of Personal DataBusiness or Commercial Purpose(s) for Collection
Personal Identifiers such as name, account name, email address• Providing, customizing, and improving the Services
• Marketing the Services
• Corresponding with you
Payment Data such as financial account information, payment card type, last 4 digits of payment card, and billing address, phone number, and email   • Providing, customizing, and improving the Services  
Internet or Other Similar Network Activity such as browsing history, IP address, web page interactions, referring webpage/source through which you accessed the Services, request IDs, and statistics associated with the interaction between device or browser and the Services• Providing, customizing and improving the Services
• Marketing the Services
• Corresponding with you
Device/IP Data such as IP address, device ID, domain server, and type of device/operating system/browser used to access the Services• Providing, customizing and improving the Services
• Marketing the Services
• Corresponding with you
Professional or Employment-Related Data such as job title• Providing, customizing, and improving the Services
• Marketing the Services
• Corresponding with you
Other Identifying Information that You Voluntarily Choose to Provide such as emails, letters, texts, or videos• Providing, customizing, and improving the Services
• Marketing the Services
• Corresponding with you

We may share the categories of data above to the following categories of entities: Service Providers, Affiliates, Business Partners (e.g., Advertising Partners), and Parties You Authorize, Access, or Authenticate. However, your payment data is processed only by our payment vendor service providers (e.g., PayPal, BlueSnap).

B. Personal Data That We Process as a Data Processor

We process certain personal data (including on our customers’ digital properties) as a processor in connection with the Services. The customer whose digital property you access is the controller of any personal data that we process under the Services in connection with such digital property. As such, we may direct you to contact such customer directly with inquiries about your personal data or to exercise any rights afforded to you under applicable law.

In connection with providing the Services as a processor to a customer, we use Cookies (defined below) on such customer’s website depending on how the customer configures such Cookies. We do not control the personal data that a customer chooses to collect through use of the Chartbeat Cookies. We may use personal data collected through Cookies on a customer’s website to provide the Services or for systems administration, abuse prevention, or as otherwise permitted under our agreement with such customer. For additional information about the personal data collected by a website using a Chartbeat Cookie, please see the Privacy Notice posted on the website you visited.

We may also receive your personal data as a processor from other customers, such as data they input within order management or CRM-type platforms that we provide or otherwise allow customers to use as part of the Services (e.g., points of contact, sales representatives).

C. Cookies

Like most websites, our Sites places cookies, pixel tags, web beacons, or similar technology (collectively, “Cookies”) that serve various purposes, as described below, including to enable our servers to recognize your web browser, tell us how and when you visit and use the Services, analyze trends, A/B test content or other materials, collect device- and related metadata (e.g., IP address, click source, referral page, depth scroll), learn about our user base, and operate and improve the Services. In essence, “cookies” are small pieces of data– usually text files – placed on your device when you use that device to access the Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your devices.

Except where we are required to honor GPC on our Sites, the Services does not support “Do Not Track” or similar requests sent from a browser at this time. As described further above, we also may place Cookies on our customers’ websites in connection with the Services.

If you are a visitor or customer, we use the following types of Cookies:

  • Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of the Services. Disabling these Cookies may make certain features and services unavailable.
  • Personalization Cookies. Personalization Cookies are used to record your choices and settings regarding the Services, maintain your preferences over time, and recognize you when you return to the Services (e.g., remembering log-in and password). These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
  • Analytics Cookies. Analytics Cookies allow us to understand how visitors use the Services. They do this by collecting information about the number of visitors to the Services, what pages visitors view on our Services, and how long visitors are viewing pages on the Services. Analytics Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google LLC (Google) uses cookies in connection with its Google Analytics services. Google’s ability to use and disclose information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Notice. You have the option to opt-out of Google’s use of Cookies by visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.
  • Targeted Advertising Cookies. Targeted Advertising Cookies collect data about your online activity and identify your interests for the purposes of serving advertising that might interest you and may be targeted to users who fit certain general profile categories or display certain preferences or behaviors.

Some browsers have an option for turning off cookies, which may prevent your browser from accepting certain new cookies or provide other related features. With respect to certain cookies on certain of our Sites, you can also modify your preferences via the “Your Privacy Settings” link (or similarly named link, such as “Cookies”) in the footer of the Sites or, to the extent such signal must be honored under U.S. State Privacy Laws, by implementing the Global Privacy Control.

Information about Targeted Advertisements

We may serve targeted advertisements on the Services and on other digital properties and also may allow third-party advertising partners (e.g., demand-side platforms, ad servers, social media platforms, exchanges) to serve advertisements through the Site or Services or otherwise on other digital properties. Personal data for targeted advertising may be provided to us by you or derived from the usage patterns of particular users on the Services or services of third parties. Such information may be gathered by us or our third-party advertising partners through tracking users’ activities across time and unaffiliated properties, including when you leave any Service, typically through the use of Cookies. In some cases, we may disclose or receive other identifiers, such as email addresses or phone numbers (typically in hashed format), to or from our advertising partners in order to better target you with ads or to generate audiences similar to you (also known as “look-a-like audiences”).

4. OUR COMMERCIAL OR BUSINESS PURPOSES AND LEGAL BASES FOR USE OF YOUR PERSONAL DATA
  • Providing, Customizing, and Improving the Site and the Services
    • Providing you with the Sites or information you request.
    • Meeting or fulfilling the reason you provided the information to us.
    • Operating and providing support and assistance for the Sites.
    • Improving the Sites and the Services, including testing, research, internal analytics, machine-learning or other AI model optimizations, and product development.
    • Personalizing the Sites and its content and communications based on your preferences.
    • Doing fraud protection, security, and debugging.
    • Carrying out other purposes stated when collecting your personal data or as otherwise set forth in applicable U.S. state privacy laws such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (the “CCPA” and collectively with other applicable U.S. state privacy laws, the “U.S. State Privacy Laws”).
  • Marketing the Services
    • Marketing and selling the Services.
    • Showing you advertisements on or off our Sites or Services, including online behavioral or targeted advertising, and measuring their effectiveness.
  • Corresponding with You
    • Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Chartbeat or the Services.
    • Sending emails and other communications according to your preferences.

Processing Grounds under the GDPR

If you are a resident of the EU, UK, or Switzerland, we will process your personal data only if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.

  • Contractual Necessity: We process the following categories of personal data as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Service with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such personal data will result in your inability to use some or all portions of the Services that require such data.
    • Visitors: Personal Identifiers, Device/IP data, and Other Identifying Information that You Voluntarily Choose to Provide.
    • Customers: Personal Identifiers, Payment Data, and Other Identifying Information that You Voluntarily Choose to Provide.
  • Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties:
    • Visitors: Internet or Other Similar Network Activity and Device/IP Data.
    • Customers: Device/IP Data, Commercial Data, and Professional or Employment-Related Data.
    • We may also de-identify or anonymize personal data to further our legitimate interests, as described further below.

Examples of these legitimate interests include (as described in more detail above):

  • Providing, customizing and improving the Services.
    • Marketing the Services.
    • Corresponding with you.
    • Meeting legal requirements and enforcing legal terms.
    • Completing corporate transactions.
  • Consent: In some cases, we process personal data based on the consent you expressly grant to us at the time we collect such data. When we process personal data based on your consent, it will be expressly indicated to you at the point and time of collection.
  • Other Processing Grounds: From time to time we may also need to process personal data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

Other Permitted Purposes for Processing Personal Data

In addition, each of the above referenced categories of personal data may be collected, used, and disclosed with the government, including law enforcement, or other parties to meet certain legal requirements and enforcing legal terms including: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, Chartbeat or another party; enforcing any agreements with you; responding to claims that any posting or other content violates third-party rights; and resolving disputes.

We will not collect additional categories of personal data or use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you notice or obtaining your consent.

5. DISCLOSURE OF INFORMATION TO THIRD PARTIES

We may disclose your Personal Data as described in this section, or with your express consent.

Service Providers

These parties help us provide the Chartbeat Services or perform business functions on our behalf. They include:

  • Hosting, technology and communication providers.
  • Analytics providers for web traffic or usage of the site.
  • Security and fraud prevention consultants.
  • Support and customer service vendors.
  • Product fulfillment and delivery providers.
  • Payment processors.
    • Our payment processing partners collect your voluntarily provided payment card information necessary to process your payment.

Affiliates and Business Partners

We may disclose certain personal data to our corporate affiliates or parties that partner with us in offering various services, including businesses that you have a relationship with or companies that we partner with to offer joint promotional offers or opportunities.

Additionally, Chartbeat may partner with Business Partners in offering various services, including businesses that you have a relationship with and companies that we partner with to offer joint promotional offers or opportunities. Some of these Business Partners include advertising partners, such as those to whom we disclose your personal data for ad targeting- and ad measurement-related purposes.

Third Parties You Authorize, Access or Authenticate

Solely at your direction or based on your authorization or use, we may disclose certain personal data to third parties you access through the services, including social media services.

Legal Obligations

We may disclose any personal data that we collect with third parties in conjunction with any of the activities set forth under “Other Permitted Purposes for Processing Personal Data” section above.

Voluntary Public Disclosure by You of Personal Data

Please be aware that whenever one voluntarily discloses personal data online – e.g., on message boards, in chat areas, in file uploads, through events, etc. – that information becomes public and can be collected and used by others and indexed in search engines. We have no control over, and take no responsibility for, the use, storage, or dissemination of such publicly disclosed personal data. By posting personal data online in public forums, users may receive unsolicited messages from other parties.

Aggregated and Anonymized Data

Chartbeat may create de-identified data from the personal data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such de-identified data and share it with third parties for our lawful business purposes, including to analyze, build, and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you. If we receive such de-identified data from a third party and are bound by such third party to keep such data de-identified, then we will maintain and use such data in deidentified form and not attempt to reidentify it (except as needed to determine whether our deidentification processes are satisfactory under applicable law).

6. YOUR RIGHTS

You may exercise your rights with us in accordance with this section. Please note that your rights may be subject to additional requirements, conditions, or exceptions in accordance with applicable law.

If you have any questions about your rights, please reach out to privacy@chartbeat.com.

You may receive marketing communications from us, for instance, when you register for the Services or visit the Site. If you would like to opt-out of such communications, you may unsubscribe in the link provided in any email communication.

  1. European Union, United Kingdom, and Swiss Residents

If you are a European Union (EU), United Kingdom (UK), or a Swiss resident, you have certain rights pursuant to applicable law, such as the General Data Protection Regulation (GDPR), as set forth below. If there are any conflicts between this section and any other provision of this Notice, the policy or portion that is more protective of personal data shall control to the extent of such conflict.

If you have any questions about this section, whether any of the following applies to you, or the rights described below, or to submit a request regarding your personal data, please contact us at privacy@chartbeat.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is manifestly unfounded or excessive, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.

EU, UK, and Swiss Resident Rights

  • Access: You can request more information about the personal data we hold about you and request a copy of such personal data. You can also access certain of your personal data by logging on to your account.
  • Rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging on to your account.
  • Erasure: You can request that we erase some or all of your personal data from our systems.
  • Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable you to utilize some or all of the Services.
  • Portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
  • Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes, such as for direct marketing purposes.
  • Restriction of Processing: You can ask us to restrict further processing of your personal data.
  • Right to File a Complaint with the Controller (UK only): Citizens within the UK have the right to file a complaint with the controller if they feel their personal data is being processed unlawfully.
  • Right to File Complaint:  You have the right to lodge a complaint about Chartbeat’s practices with respect to your personal data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

Transfers of Personal Data

The Services are hosted and operated in the United States (U.S.) through Chartbeat and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any personal data about you, regardless of whether provided by you or obtained from a third party, is being provided to Chartbeat in the U.S. and will be hosted on U.S. servers, and you authorize Chartbeat to transfer, store and process your information to and in the U.S., and possibly other countries. In some circumstances, your personal data may be transferred to the U.S. pursuant to a data processing agreement incorporating standard data protection clauses and/or the Data Privacy Framework(s), as discussed below.

Data Privacy Framework

Chartbeat and its subsidiary Tubular Labs, Inc. (“Tubular”) comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, the “DPF”) as set forth by the U.S. Department of Commerce. Chartbeat and Tubular have certified to the U.S. Department of Commerce that we they adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) and applicable principles under the UK-U.S. DPF (“UK-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK-U.S. DPF. Chartbeat and Tubular have certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (with the EU-U.S. DPF Principles and the UK-U.S. DPF Principles, collectively, the “DPF Principles”). If there is any conflict between the terms in this Notice and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The Federal Trade Commission has jurisdiction over Chartbeat’s compliance with the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF. This Notice describes the types of personal data we collect, the purposes for which we collect and use your personal data, and the purposes for which we disclose your personal data to certain types of third parties in the sections above. Pursuant to the DPF, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal data relating to you in the U.S. Upon request, we will provide you with access to the personal data that we hold about you. You may also correct, amend, or delete the personal data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the U.S. under DPF, should direct their query to privacy@chartbeat.com. If requested to remove data, we will respond within a reasonable timeframe. This Notice has additional information about the rights afforded to you.

We will provide you with the choice to opt-out from the sharing of your personal data, with any third parties (other than our agents or those that act on our behalf or under our instruction), or before we use it for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized.

In addition to any other disclosures described in this Notice, in certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Chartbeat’s accountability for personal data that we receive in the U.S. under the DPF and subsequently transfer to a third party acting as an agent on our behalf is described in the DPF Principles. In particular, we remain liable under the DPF Principles if our agents process personal data in a manner inconsistent with the DPF Principles, unless Chartbeat proves that we are not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF, Chartbeat commits to DPF Principles-related complaints about our collection and use of your personal data. European Union, United Kingdom, or Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF should first contact Chartbeat at privacy@chartbeat.com.

Chartbeat has further committed to refer unresolved privacy complaints under the DPF Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For more information, see Annex 1 of the DPF Principles, located at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

B. U.S. Residents

The Services (e.g., Sites, services used by customers) are B2B in nature and used by those acting in their commercial capacity. If you reside in certain U.S. states (e.g., California), you may have certain rights afforded to you, as described in this section. Your rights may be subject to certain conditions or exceptions in accordance with applicable U.S. State Privacy Laws. Where we process your data as a processor, you should contact the entity that is utilizing our Services to request your rights, as this section relates to rights we must provide as a controller.

If you have any questions about this section or whether any of the following rights apply to you, please contact us at privacy@chartbeat.com.

  • Access/Portability. You may have the right to request confirmation of or access to the personal data that we process about you. You can also request access to a portable copy of your personal data (e.g., in a machine-readable format). 
  • Deletion. You may have the right to request that we delete the personal data that we have collected about you.
  • Correction. You may have the right to request that we correct any inaccurate personal data we have collected about you.
  • Selling/Sharing.
    • You may have the right to opt out from the “selling/sharing” of your personal data (as such terms or similar terms are defined under applicable U.S. State Privacy Laws).
    • We may “sell” or “share” your personal data to or with the following categories of “third parties”:
      • Advertising partners (e.g., social media platforms, demand-side platforms, ad servers, exchanges).
    • Over the past 12 months, we may have “sold” or “shared” the following categories of your personal data, solely to the extent you are a visitor and only to the categories of third parties listed above:
      • Personal Identifiers and Internet or Other Similar Network Activity Information.
    • We do not have actual knowledge of “selling” or “sharing” personal data of those under sixteen (16) years of age.

Exercising Your U.S. Privacy Rights

To exercise the rights described in this Privacy Policy, you or, if permitted by applicable U.S. State Privacy Laws, your Authorized Agent (defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data (such as your Contact or Profile Data), and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within the time period required by applicable privacy laws. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

Request to Opt-Out of “Sales/Shares”

As applicable, you or an authorized agent may opt-out from any of our “sales” or “shares,” by using the following methods:

  • By accessing your cookie consent mechanism by accessing “Your Privacy Settings” in the footer of our Sites.
  • By implementing the Global Privacy Control or similar universal privacy control as required under applicable U.S. State Privacy Laws.

We may request the information needed to effectuate your request (and, in the case of authorized agents, we may also request the written permission provided by the applicable consumer), as necessary, but “sale/share” requests are not subject to identity verification unlike the other rights discussed in this section.

Request to Access, Delete, or Correct

As applicable, you or an authorized agent may submit a request for any other rights afforded to you in this Notice by emailing us at: privacy@chartbeat.com.

To exercise these rights, you or your authorized agent must send us a request that (1) provides sufficient information to allow us to verify that the person about whom we have collected personal data, (2) describes the request in sufficient detail to allow us to respond to it, and, in the case of requests submitted by authorized agents, (3) the written permission from the consumer to submit the request (we may also ask the consumer to directly confirm that they authorized such agent). Each request that meets these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will use personal data provided in a Valid Request only to verify your identity and complete your request. 

We will work to respond to your Valid Request within the time period required by applicable U.S. State Privacy Laws. We will not charge you a fee for making a Valid Request unless your Valid Request is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

Appealing a Denial

If we refuse to take action on your request within a reasonable period of time after receiving your request in accordance with this section, you may appeal our decision if permitted by applicable U.S. State Privacy Laws. In such appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original request pertains and to identify the original request and (2) provide a description of the basis of your appeal. We will respond to your appeal within the time period required under the U.S. State Privacy Law. You can submit a Verified Request to appeal by emailing us at: privacy@chartbeat.com (title must include “[STATE OF RESIDENCE] Appeal”).

Our Site may contain links to third-party websites. Please be aware that we are not responsible for the privacy practices of third-party websites you choose to visit. If you provide any personal data directly to parties other than us, different rules may apply to the use or disclosure of that personal data. We encourage you to investigate and ask questions before disclosing your personal data to third parties.-

8. PRIVACY PROTECTION FOR CHILDREN

In compliance with the Children’s Online Privacy Protection Act (COPPA) and applicable privacy laws, we do not knowingly provide access to the Services to persons under the age of eighteen (18). If we learn that any user of the Services is under the age of eighteen (18), we will take appropriate steps to remove that user’s information from our records and we will restrict that individual from future access to the Services. Please contact us at privacy@chartbeat.com if you are aware that we may have inadvertently collected personal data from a child.

9. SECURITY AND RETENTION

We have implemented security measures to protect information from loss, misuse and alteration. We use industry-standard practices such as encrypted storage, firewalls and password protection systems to safeguard the confidentiality of personal data which is collected and used in accordance with this Notice. Each of our employees and agents are aware of our security policies; personal data is only available to those employees and agents who need it to perform their jobs.

We keep your personal data for no longer than necessary for the purposes for which the personal data is processed. The length of time for which we retain personal data depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

Except as required by applicable laws or in order to defend any actual or possible legal claims, we will take reasonable steps to return or irretrievably delete all personal data processed on behalf of our customers when it is no longer required to exercise or perform our rights or obligations under our Terms of Service (provided that we may retain customer’s employee/users’ personal data to provide future notices to customer and respond to future customer or legal inquiries).

10. HR DATA

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Chartbeat commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commission (IC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

11. CONTACT US

If you have any questions or complaints about how we use your personal data, or if you would like to request access to your information in accordance with this Notice, please contact Chartbeat at privacy@chartbeat.com, or Chartbeat, Inc. at 701 Tillery Street, Unit 12-1019, Austin, Texas 78702.

Individuals and the data protection supervisory authorities in the EU/EEA and individuals and the data protection supervisory authority (IC) in the UK may also contact our data protection representatives according to Article 27 GDPR:

EU: DP-Dock GmbH, Attn.: Chartbeat, Ballindamm 39, 20095 Hamburg, Germany

UK: DP Data Protection Services UK Ltd., Attn.: Chartbeat, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

www.dp-dock.com

chartbeat@gdpr-rep.com

You may also make a complaint to the UK Information Commission or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.