Effective Date: May 25, 2018
Chartbeat is a company with offices at 826 Broadway, 6th Floor, New York, New York 10003. We are the data controller of the personal information that We collect about Chartbeat Site Visitors and about Our Customers. We are the data processor of the personal information that We collect about Customer Visitors.
Your rights to object: You have various rights in respect of Our use of your personal information as set out in section 7. Two of the fundamental rights to be aware of are that:
A. you may ask Us to stop using your personal information for direct-marketing purposes. If you exercise this right, We will stop using your personal information for this purpose. In any event, we do not use the personal information of Customer Visitors for this purpose.
B. you may ask Us to consider any valid objections which you have to Our use of your personal information where We process your personal information on the basis of Our, or another person or company's, legitimate interest.
You can find out more information in section 7
If We make any material changes in Our privacy practices that do not affect personal information already collected and stored by Us, We will post a notice on Our Site notifying users and/or Customers of the change.
We use the information We collect from Chartbeat Site Visitors , Chartbeat Customers, and Customer Visitors to create a secure and personalized service.
a. Chartbeat Site Visitors (which includes Customers who visit the Site)
For Chartbeat Site Visitors, We collect and store Site use data, such as IP address and browser type, and We use analytics services which set and collect cookie IDs for purposes of understanding Chartbeat Site Visitors' loyalty to the Site. We use the IP addresses to assist in login and other uses related to use of the Service. Chartbeat Site Visitors sessions on Our Site are also tracked for systems administration purposes and to track user trends.
We may also collect user ID and password information to enable returning Chartbeat Site Visitors to log into the Site.
Finally, Chartbeat Site Visitors may provide personal information to us in order to download marketing materials, or in order to opt-in to receive marketing emails. Chartbeat Site Visitors can opt-out of marketing emails at any time by utilizing the unsubscribe links provided therein.
b. Customers (those who use the Chartbeat Product)
For Customers specifically, We collect and store personal information that Our Customers submit to Us, such as their names and e-mail addresses and billing information, to allow Us to identify Customers, provide the Service and notify Customers of changes or updates to the Service.
If a Customer elects to provide it, We also collect and store the Customer’s phone number, which We use to assist Us in providing the Service, including to contact them in account recovery and other scenarios.
We also collect other information from Customers, such as IP address and browser type. We use the IP addresses of Customers to assist in login and other uses related to Customers’ use of the Service. Customers’ sessions on Our Site are also tracked for systems administration purposes and to track user trends. We may link IP address and other information to a Customer's account.
We also collect Customers’ user ID and password information to enable them to log into and use the Service.
Finally, Customers are automatically opted-in to receive marketing emails from us when they register for the Service. Customers can opt-out of marketing emails by utilizing the unsubscribe links provided therein, but We may still need to send Customers e-mails relating to their accounts.
c. Customer Visitors (individuals who visit publisher ‘s websites)
For Customer Visitors, when a Customer Visitor visits a Customer Website, We collect certain information regarding their use of the Customer Website, such as their IP address and browser type on behalf of our Customer. Their session on the Customer Website will be tracked. We may use their IP address to identify the general geographic area from which they are accessing the Customer Website. We remove the last octet of the IP address and therefore do not store IP addresses or link IP addresses to any personal information. We also use this information for systems administration purposes, abuse prevention and to track user trends in connection with Our provision of the Service.
As part of the Service, We collect information relating to traffic on the Customer Websites ("Traffic Data") on which Customers choose to activate the Service. In connection with the collection of this Traffic Data, Chartbeat does not collect any personal information from Customer Visitors, (i) so long as the Customer configures the Chartbeat code on the Customer Website in accordance with the instructions and documentation provided by Us, so that URLs containing personal information of Customer Visitors are not captured by the Service, and (ii) provided that We do collect IP addresses from Customer Visitors in order to show geolocation information but We remove the last octet of the IP address and therefore do not store IP addresses in a manner that would permit personal identification.
Traffic Data is used to provide Customers with real-time analytics and uptime monitoring. We may aggregate and anonymize Traffic Data with that from other sites to provide benchmarking data and other functionality, but We will not use or disclose aggregated Traffic Data in a manner that reveals the identity of a Customer or Customer Website without the Customer’s express prior consent.
We also collect first party cookie IDs on behalf of Customers. Chartbeat code, by default, sets and reads a cookie on the Customer's website domain containing a randomly-generated user ID for purposes of determining unique visitor counts and visitors' loyalty to a site. Such information can be classified as personal information under the European General Data Protection Regulation but it is not stored in a manner that would permit personal identification.
We also collect and use browser header information to help Us understand from which websites a Customer Visitor navigates to a Customer Website.
a. Chartbeat Site Visitors
Our use of your personal information is necessary:
for Our legitimate interests or the legitimate interests of others (for example, to ensure the security of Our Site). Our legitimate interests are to: (i) run, grow and develop Our business; (ii) operate our Site; (iii) analyze the use of Our Site and make improvements; (iv) identify visitors, administer the Service; (v) make product decisions; (vi) notify visitors of changes or updates to the Site; (vii) for systems administration purposes; and (viii) to track visitor trends.
Our use of your personal information is necessary:
for Our legitimate interests or the legitimate interests of others (for example to ensure the security of Our Site). Our legitimate interest are to: (i) run, grow and develop Our business; (ii) operate Our Site; (iii) allow Us to identify Customers; (iv) provide the Service; (v) notify Customers of changes or updates to the Service; (vi) contact you in account recovery and other scenarios; (viii) assist in login and other uses related to Customers’ use of the Service; (ix) perform systems administration activities; (x) track visitor trends; (xi) enable you to log into and use the Service; (xii) send marketing emails; (xiii) send account related emails.
If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at firstname.lastname@example.org and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide Our Services
c. Customer Website Visitors
If We rely on Our legitimate interests for using personal information, We will undertake a balancing test to ensure that Our legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information. You can ask Us for information on this balancing test by contacting us at email@example.com.
a. Traffic Data
For Customers and Customer Visitors, We may aggregate and anonymize Traffic Data with that from Our other Customers to provide benchmarking data and other functionality, but we will not disclose aggregated Traffic Data in a manner that reveals the identity of a Customer or a Customer Website without the Customer’s express prior consent.
b. Agents, vendors and service providers
For all types of personal information (from Chartbeat Site Visitors, Customers and Customer Visitors ), We employ other companies and people to perform tasks on Our behalf and may need to share personal information with them to provide Our products and services. Examples include billing, technical assistance, and customer service. Our agents subscribe to the same level of privacy protection as we do. Unless we tell you differently, Chartbeat’s agents do not have any right to use the personal information we share with them beyond what is necessary to assist us. Any agent that we share your personal information with must agree, via contract, to provide adequate protections for the personal information that are no less protective than those set out in this policy.
c. Business Transfers
d. Public authorities and compliance with law
Chartbeat may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, prevent illegal activity, or comply with any legal obligation.
We may disclose your personal information to third parties in order to enforce or apply Our Terms of Service,or any other agreement or to respond to any claims, to protect Our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity.
f. Protect rights and property
We may disclose your personal information to protect the rights, property, or safety of Chartbeat, Our staff, Our Customers or other persons. This may include exchanging personal information with other organizations for the purposes of fraud protection.
In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, Chartbeat remains potentially liable if third party processing personal information received from the European Union or Switzerland on its behalf processes that personal information in a manner which is inconsistent with the Privacy Shield Principles (unless Chartbeat can prove that it is not responsible for the event giving rise to the damage).
We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time for which We retain personal information depends on the purposes for which We collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend Our legal rights.
Except as required by applicable laws or in order to defend any actual or possible legal claims, We will take reasonable steps to return or irretrievably delete all personal data processed on behalf of Our Customers when it is no longer required to exercise or perform Our rights or obligations under Our Terms of Service, and in any event within 90 days of expiry or termination of Our Terms of Service.
a.Your Authorization Required
If at any time We would like to disclose your personal information to a third party in a manner not described above, We will provide you with an affirmative or explicit (opt in) choice. To limit the use and disclosure of your personal information, you may also submit a written opt-out request to firstname.lastname@example.org. Customer Visitors specifically have the right to opt out of data tracking by visiting https://static.chartbeat.com/opt-out.html
b. Email Opt-Out.
As noted above in relation to Our Customers specifically, Customers are automatically opted-in to receive marketing emails from us when they register for the Service. Customers may choose not to receive marketing emails from Us and can opt out of such e-mails by utilizing the unsubscribe links provided therein.
In addition, you have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact Us via email at at email@example.com at any time.
Please note that We do not retain IP addresses, browser information or header information relating to Customer Visitors for more than a temporary period of time in order to provide the Service, and as such, that information cannot be accessed or modified once deleted.
You have the following rights; however, if you are Customer Visitor, except as may otherwise be set forth below, you must exercise these by contacting the Customer which operates the Customer Website that you are visiting and which gives rise to your right to exercise:
c. Right of access.
You have a right of access to any personal information We hold about you. You can ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for a copy of your personal information; confirmation as to whether your personal information is being used by Us; details about how and why it is being used; and details of the safeguards which are in place if We transfer your information outside of the United Kingdom or the European Economic Area ("EEA").
d. Right to update your information.
You have a right to request an update to any of your personal information which is out of date or incorrect.
e. Right to delete your information.
You have a right to ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) to delete any personal information which is being held about you in certain specific circumstances. You can ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for further information on these specific circumstances. When applicable, contact Us at firstname.lastname@example.org.
We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask Us who the recipients are, by contacting us at email@example.com.
f. Right to restrict use of your information
You have a right to ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) to restrict the way that We process your personal information in certain specific circumstances. You can ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for further information on these specific circumstances. Contact Us at firstname.lastname@example.org.
We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask Us who the recipients are by contacting us at email@example.com.
g. Right to stop marketing
You have a right to ask Us to stop using your personal information for direct marketing purposes. If you exercise this right, We will stop using your personal information for this purpose. In any event, we do not use Customer Visitor personal information for this purpose
h. Right data portability
You have a right to ask Us to provide your personal information to a third party provider of services.
This right only applies where We use your personal information on the basis of your consent or performance of a contract; and where Our use of your information is carried out by automated means.
i. Right to object
You have a right to ask Us to consider any valid objections which you have to Our use of your personal information where We process your personal information on the basis of Our or another person's legitimate interest.
We will consider all such requests and provide Our response within a reasonable period (and in any event within one month of your request unless We tell you We are entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if We need to keep using the information to comply with Our own legal obligations or to establish, exercise or defend legal claims. If an exception applies, We will tell you this when responding to your request. We may request you provide Us with information necessary to confirm your identity before responding to any request you make. Further, if you are Customer Visitor, you may be required to make your request by contacting the Customer which operates the Customer Website that you are visiting and which gives rise to your request.
Like many other websites, We use a standard technology called "cookies."
Cookies are small pieces of information stored on your hard drive. They can help make the Internet experience quicker and more convenient.
a. Our site
Cookies allow Customers to login without entering their user ID and password each time they use the Service.
c. Customers' websites
If a Customer does not allow the placement of Chartbeat cookies on its Customer Website, the “new vs. returning user” data point in its Chartbeat dashboard will not be accurately reported. If you choose to remove Chartbeat cookies, please refer to the documentation for your browser.
d. Disabling cookies
Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. If a Customer disables cookies, it will not be able to use the data tracking capabilities of the Service.
e. For Our European Customers where the EU ePrivacy Directive applies:
Chartbeat uses two cookies. One cookie (_chartbeat2) is used to register whether a Customer Visitor has visited the Customer Website before (to calculate “new vs returning” users). The other (_SUPERFLY_nosample) is used only if a Customer exceeds its plan’s traffic limit. When the traffic limit is reached the cookie is set and will disable the beacon from that Customer for one hour. The chartbeat2 cookie will remain valid as to any given website visitor, until the visitor elects to disable it. The SUPERFLY_nosample cookie is valid for one hour.
Our Site may contain links to third party websites. Please be aware that We are not responsible for the privacy practices of third party websites you choose to visit. If you provide any personal information directly to parties other than Us, different rules may apply to the use or disclosure of that personal information. We encourage you to investigate and ask questions before disclosing your personal information to third parties.
We may choose to deploy advertising on the Site and Service that is delivered to Chartbeat Visitors and Customers through a third party's advertising server. Information about Chartbeat Visitors and Customers' use of Our Service, such as the number of times a visitor has viewed an ad (but no personal information of the user), would be used in such a scenario to serve ads to Chartbeat Visitors and Customers.
Please be aware that whenever one voluntarily discloses personal information online - e.g., on message boards, in chat areas, in file uploads, through events, etc. - that information becomes public and can be collected and used by others and indexed in search engines. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly disclosed personal information. By posting personal information online in public forums, users may receive unsolicited messages from other parties.
In compliance with the Children's Online Privacy Protection Act (COPPA) and applicable European data privacy laws, We do not knowingly provide access to the Service to persons under the age of eighteen (18). If We learn that any user of the Service is under the age of eighteen (18), We will take appropriate steps to remove that user's information from Our records and We will restrict that individual from future access to the Service. Please contact us at privacy@chartbeat if you are aware that we may have inadvertently collected personal information from a child.
We process all personal information in facilities in the United States. Personal information is either collected in the United States, obtained through websites which are hosted in the United States, or transferred to the United States from websites which are hosted outside of the United States.
a. EU-US and Swiss-US Privacy Shield Framework (the "Privacy Shield")
Chartbeat is subject to the investigatory and enforcement powers of the Federal Trade Commission in respect of any failure to comply with the Privacy Shield.
We have also appointed an EU based representative who can be contacted at: firstname.lastname@example.org
You may also make a complaint to the UK Information Commissioner's Office or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.
b. Complaints under the Privacy Shield Principles
Chartbeat has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
Provided certain conditions are met, you may also be entitled to invoke binding arbitration before a Privacy Shield Panel for residual claims about whether Chartbeat has violated its obligations to you under the Privacy Shield, and if that violation remains fully or partially unremedied.