Effective Date: May 22, 2023
Chartbeat is a company with an address at 701 Tillery Street Unit 12-1019, Austin Texas 78702. We are the data controller of the Personal Data that We collect about Chartbeat Site Visitors and about Our Customers. We are the data processor of the Personal Data that We collect about Customer Visitors.
You have various rights in respect of Our use of your Personal Data as set out in section 7. You can find out more information in section 7.
If We make any material changes in Our privacy practices that do not affect Personal Data already collected and stored by Us, We will post a notice on Our Site notifying users and/or Customers of the change.
We collect Personal Data about you from:
We use the information We collect from Chartbeat Site Visitors, Chartbeat Customers, and Customer Visitors to create a secure and personalized service, according to the purposes described below.
The following chart details the categories of Personal Data that we collect and have collected from Chartbeat Site Visitors over the past twelve (12) months.
Category of Personal Data
Personal Data Collected
What is the source of this Personal Data?
Examples : Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number or other similar identifiers.
Name, account name, email address, IP address, business postal address.
You or your Chartbeat account's administrator
Customer records identified by state law (including the California Customer Records statute (Cal. Civ. Code § 1798.80(e)))
Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number or any other financial information, medical information or health insurance information.
Name, employment records, credit card numbers
You or your Chartbeat account's administrator
Internet or other similar network activity information
Examples : Browsing history, search history, or information on a consumer's interaction with a website, application or advertisement.
Browsing history on our website or applications.
Examples : Physical location or movements.
We collect approximate location data based on a user's anonymized IP address.
Our primary purposes of collecting Personal Data of Chartbeat Site Visitors is to conduct analytics of website traffic and to provide information you request (e.g. newsletter subscriptions, responses to support ticket).
For Customers specifically, We collect and store Personal Data that Our Customers submit to Us, such as their names, job roles, e-mail addresses, and billing information, to allow Us to identify Customers, provide the Service and notify Customers of changes or updates to the Service.
If a Customer elects to provide it, We also collect and store the Customer's phone number, which We use to assist Us in providing the Service, including to contact them in account recovery and other scenarios.
We also collect other information from Customers, such as IP address and browser type. We use the IP addresses of Customers to assist in login and other uses related to Customers' use of the Service. Customers' sessions on Our Site are also tracked for systems administration purposes and to track user trends. We may link IP address and other information to a Customer's account.
We also collect Customers' user ID and password information to enable them to log into and use the Service.
Finally, Customers will start receiving marketing emails from us when they register for the Service, as we believe it is of our common interest for the Customer to know more about our services and products. Customers can opt-out of marketing emails by utilizing the unsubscribe links provided therein, but We may still need to send Customers e-mails relating to their accounts (e.g. support requests response, security warnings, updates to our Terms and Conditions), as strictly needed, so We can continue to provide our Services in accordance with our obligations to you.
For Customer Visitors, when a Customer Visitor visits a Customer Website, We collect certain information regarding their use of the Customer Website, such as their IP address and browser type on behalf of our Customer. Their session on the Customer Website will be tracked. We may use their IP address to identify the general geographic area from which they are accessing the Customer Website. We remove the last octet of the IP address and therefore do not store IP addresses or link IP addresses to any Personal Data. We also use this information for systems administration purposes, abuse prevention and to track user trends in connection with Our provision of the Service.
As part of the Service, We collect information relating to traffic on the Customer Websites ("Traffic Data") on which Customers choose to activate the Service. In connection with the collection of this Traffic Data, Chartbeat does not collect any Personal Data from Customer Visitors, (i) so long as the Customer configures the Chartbeat code on the Customer Website in accordance with the instructions and documentation provided by Us, so that URLs containing Personal Data of Customer Visitors are not captured by the Service, and (ii) provided that We do collect IP addresses from Customer Visitors in order to show geolocation information but We remove the last octet of the IP address and therefore do not store IP addresses in a manner that would permit direct personal identification.
Traffic Data is used to provide Customers with real-time analytics and uptime monitoring. We may aggregate and anonymize Traffic Data with that from other sites to provide benchmarking data and other functionality, but We will not use or disclose aggregated Traffic Data in a manner that reveals the identity of a Customer or Customer Website without the Customer's express prior consent.
We also collect first party cookie IDs on behalf of Customers. Chartbeat code, by default, sets and reads a cookie on the Customer's website domain containing a randomly-generated user ID for purposes of determining unique visitor counts and visitors' loyalty to a site. Such information can be classified as Personal Data under the European General Data Protection Regulation and any other applicable data protections legislations which Chartbeat may be subject to, including the Brazilian General Data Protection Law (Federal Law n. 13,709/2018) (together, “Data Protection Laws”), but it is not stored in a manner that would permit personal identification.
We also collect and use browser header information to help Us understand from which websites a Customer Visitor navigates to a Customer Website.
Our use of your Personal Data is necessary :
2. for Our legitimate interests or business purposes (for example, to ensure the security of Our Site). Our legitimate interests and business purposes are to: (i) run, grow and develop Our business; (ii) operate our Site; (iii) analyze the use of Our Site and make improvements; (iv) identify visitors, administer the Service; (v) make product decisions; (vi) notify visitors of changes or updates to the Site; (vii) for systems administration purposes; and (viii) to track visitor trends.
Our use of your Personal Data is necessary:
2. For Our legitimate interests or the legitimate interests of others (for example to ensure the security of Our Site). Our legitimate interest are to: (i) run, grow and develop Our business; (ii) operate Our Site; (iii) allow Us to identify Customers; (iv) provide the Service; (v) notify Customers of changes or updates to the Service; (vi) contact you in account recovery and other scenarios; (viii) assist in login and other uses related to Customers' use of the Service; (ix) perform systems administration activities; (x) track visitor trends; (xi) enable you to log into and use the Service; (xii) send marketing emails; (xiii) send account related emails.
3. If we rely on your consent for us to use your Personal Data in a particular way, but you later change your mind, you may withdraw your consent by contacting us at firstname.lastname@example.org and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide Our Services
If We rely on Our legitimate interests for using Personal Data, We will undertake a balancing test to ensure that Our legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the Personal Data. You can ask Us for information on this balancing test by contacting us at email@example.com.
For Customers and Customer Visitors, We may aggregate and anonymize Traffic Data with that from Our other Customers to provide benchmarking data and other functionality, but we will not disclose aggregated Traffic Data in a manner that reveals the identity of a Customer or a Customer Website without the Customer's express prior consent.
For all types of Personal Data (from Chartbeat Site Visitors, Customers and Customer Visitors ), We employ other companies and people to perform tasks on Our behalf and may need to share Personal Data with them to provide Our products and services. Examples include billing, technical assistance, and customer service. Our agents subscribe to the same level of privacy protection as we do. Unless we tell you differently, Chartbeat's agents do not have any right to use the Personal Data we share with them beyond what is necessary to assist us. Any agent that we share your Personal Data with must agree, via contract, to provide adequate protections for the Personal Data that are no less protective than those set out in this policy.
Chartbeat may transfer the Personal Data that we collect to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
Chartbeat may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.
Chartbeat may be required to disclose Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, prevent illegal activity, or comply with any legal obligation.
We may disclose your Personal Data to third parties in order to enforce or apply Our Terms of Service, or any other agreement or to respond to any claims, to protect Our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity.
We may disclose your Personal Data to protect the rights, property, or safety of Chartbeat, Our staff, Our Customers or other persons. This may include exchanging Personal Data with other organizations for the purposes of fraud protection.
In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, Chartbeat remains potentially liable if third party processing Personal Data received from the European Union or Switzerland on its behalf processes that Personal Data in a manner which is inconsistent with the Privacy Shield Principles (unless Chartbeat can prove that it is not responsible for the event giving rise to the damage).
We keep your Personal Data for no longer than necessary for the purposes for which the Personal Data is processed. The length of time for which We retain Personal Data depends on the purposes for which We collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend Our legal rights.
Except as required by applicable laws or in order to defend any actual or possible legal claims, We will take reasonable steps to return or irretrievably delete all personal data processed on behalf of Our Customers when it is no longer required to exercise or perform Our rights or obligations under Our Terms of Service.
If at any time We would like to disclose your Personal Data to a third party in a manner not described above, We will provide you with an affirmative or explicit (opt in) choice. To limit the use and disclosure of your Personal Data, you may also submit a written opt-out request to firstname.lastname@example.org. Customer Visitors specifically have the right to opt out of data tracking by visiting https://static.chartbeat.com/opt-out.html
As noted above in relation to Our Customers specifically, Customers will start receiving marketing emails from us when they register for the Service, as this kind of communication is in the common interests of both the Customers and Chartbeat. Customers may choose not to receive marketing emails from Us and can opt out of such e-mails by utilizing the unsubscribe links provided therein.
In addition, you have certain rights in relation to your Personal Data. If you would like further information in relation to these or would like to exercise any of them, please contact Us via email at at email@example.com at any time.
Please note that We do not retain IP addresses, browser information or header information relating to Customer Visitors for more than a temporary period of time in order to provide the Service, and as such, that information cannot be accessed or modified once deleted.
You have the following rights; however, if you are Customer Visitor, except as may otherwise be set forth below, you must exercise these by contacting the Customer which operates the Customer Website that you are visiting and which gives rise to your right to exercise.
Please note that the rights here described may suffer limitations or even be enhanced depending on which laws of the Data Protection Laws are applicable to you in particular. Accordingly, you may have additional rights as provided by applicable laws or legal limitations, depending on where you are.
You have a right of access to any Personal Data we hold about you. Depending on the jurisdiction under which the processing of Your Personal Data takes place, this may include the right to obtain additional information about how your data is processed, with whom it was shared, what would happen if you withdrew your consent, among other information, assured by Data Protection Laws. You can ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for a copy of your Personal Data; confirmation as to whether your Personal Data is being used by Us; details about how and why it is being used; and details of the safeguards which are in place if We transfer your information outside of the United Kingdom, the European Economic Area ("EEA") or any other areas covered by Data Protection Laws.
You have a right to request an update to any of your Personal Data which is out of date or incorrect.
You have a right to ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) to delete any Personal Data which is being held about you in certain specific circumstances. You can ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for further information on these specific circumstances. When applicable, contact Us at firstname.lastname@example.org.
We will pass your request onto other recipients of your Personal Data unless that is impossible or involves disproportionate effort. You can ask Us who the recipients are, by contacting us at email@example.com.
You have a right to ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) to restrict the way that We process your Personal Data in certain specific circumstances. You can ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for further information on these specific circumstances. Contact Us at firstname.lastname@example.org.
We will pass your request onto other recipients of your Personal Data unless that is impossible or involves disproportionate effort. You can ask Us who the recipients are by contacting us at email@example.com.
You have a right to ask Us to stop using your Personal Data for direct marketing purposes. If you exercise this right, We will stop using your Personal Data for this purpose. In any event, we do not use Customer Visitor Personal Data for this purpose
You have a right to ask Us to provide your Personal Data to a third party provider of services.
This right only applies where We use your Personal Data on the basis of your consent or performance of a contract; and where Our use of your information is carried out by automated means.
You have a right to ask Us to consider any valid objections which you have to Our use of your Personal Data where We process your Personal Data on the basis of Our or another person's legitimate interest.
We will consider all such requests and provide Our response within a reasonable period (and in any event within one month of your request unless We tell you We are entitled to a longer period under applicable law). Please note, however, that certain Personal Data may be exempt from such requests in certain circumstances, for example if We need to keep using the information to comply with Our own legal obligations or to establish, exercise or defend legal claims. If an exception applies, We will tell you this when responding to your request. We may request you provide Us with information necessary to confirm your identity before responding to any request you make. Further, if you are Customer Visitor, you may be required to make your request by contacting the Customer which operates the Customer Website that you are visiting and which gives rise to your request.
Over the past twelve (12) months, we have not sold or shared your Personal Data, as the terms "sell" and “share” are defined in the CCPA. We do not sell or share your Personal Data.
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. We will provide you with the following information as a Chartbeat Site Visitor:
You have the right to request that we delete the Personal Data that we have collected from you as a Chartbeat Site Visitor. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
You have the right to request that we correct any inaccurate Personal Data we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, if we decide, based on the totality of circumstances related to your Personal Data, that such data is correct. If your correction request is subject to one of these exceptions, we may deny your request.
We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA.
We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may have different tiers of Services as allowed by applicable data protection laws (including the CCPA) with varying prices, rates, or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
You have the right to request confirmation of whether or not we are processing your Personal Data and to access your Personal Data.
You have the right to correct inaccuracies in your Personal Data, to the extent such correction is appropriate in consideration of the nature of such data and our purposes of processing your Personal Data.
You have the right to request a copy of your Personal Data in a machine-readable format, to the extent technically feasible.
You have the right to delete your Personal Data.
Opt-Out of Certain Processing Activities
You have the right to opt-out of the processing of your Personal Data for targeted advertising purposes. We do not process your Personal Data for targeted advertising purposes.
You have the right to opt-out to the sale of your Personal Data. We do not currently sell your Personal Data as defined under the VCDPA.
You have the right to opt-out from the processing your Personal Data for the purposes of profiling in furtherance of decisions that produce legal or similarly significant effects to you; however, we do not conduct such activities.
If we refuse to take action on a request within a reasonable period of time after receiving your request in accordance with this section. In such appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original request pertains and to identify the original request, and (2) provide a description of the basis of your appeal. Please note that your appeal will be subject to your rights and obligations afforded to you under the VCDPA. We will respond to your appeal within 60 days of receiving your request. If we deny your appeal, you have the right to contact the Virginia Attorney General using the methods described at https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint .
All CCPA and VCDPA requests must (1) provide sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describe your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a "Valid Request." We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify you and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following methods:
If you are a Virginia resident, you may appeal a decision by us using the following methods:
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell your Personal Data. Please note that we do not currently sell your Personal Data (as sales are defined in Nevada Revised Statutes Chapter 603A).
Like many other websites, We use a standard technology called "cookies."
Cookies are small pieces of information stored on your hard drive. They can help make the Internet experience quicker and more convenient.
Cookies allow Customers to login without entering their user ID and password each time they use the Service.
If a Customer does not allow the placement of Chartbeat cookies on its Customer Website, the "new vs. returning user" data point in its Chartbeat dashboard will not be accurately reported. If you choose to remove Chartbeat cookies, please refer to the documentation for your browser.
Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. If a Customer disables cookies, it will not be able to use the data tracking capabilities of the Service.
Chartbeat uses several cookies:
Our Site may contain links to third party websites. Please be aware that We are not responsible for the privacy practices of third party websites you choose to visit. If you provide any Personal Data directly to parties other than Us, different rules may apply to the use or disclosure of that Personal Data. We encourage you to investigate and ask questions before disclosing your Personal Data to third parties.
We may choose to deploy advertising on the Site and Service that is delivered to Chartbeat Visitors and Customers through a third party's advertising server. Information about Chartbeat Visitors and Customers' use of Our Service, such as the number of times a visitor has viewed an ad (but no Personal Data of the user), would be used in such a scenario to serve ads to Chartbeat Visitors and Customers.
Please be aware that whenever one voluntarily discloses Personal Data online - e.g., on message boards, in chat areas, in file uploads, through events, etc. - that information becomes public and can be collected and used by others and indexed in search engines. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly disclosed Personal Data. By posting Personal Data online in public forums, users may receive unsolicited messages from other parties.
In compliance with the Children's Online Privacy Protection Act (COPPA), applicable European data privacy laws, and other Data Protection Laws, We do not knowingly provide access to the Service to persons under the age of eighteen (18). If We learn that any user of the Service is under the age of eighteen (18), We will take appropriate steps to remove that user's information from Our records and We will restrict that individual from future access to the Service. Please contact us at privacy@chartbeat if you are aware that we may have inadvertently collected Personal Data from a child.
We process all Personal Data in facilities in the United States. Personal Data is either collected in the United States, obtained through websites which are hosted in the United States, or transferred to the United States from websites which are hosted outside of the United States.
Chartbeat is subject to the investigatory and enforcement powers of the Federal Trade Commission in respect of any failure to comply with the Privacy Shield.
In accordance with our Data Processing Addendum, which is incorporated into our terms of service, we utilize the standard contractual clauses for authorizing transfers of EU or UK Personal Data to the US.
We have also appointed an EU based representative who can be contacted at: firstname.lastname@example.org
You may also make a complaint to the UK Information Commissioner's Office or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.
Chartbeat has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.
Provided certain conditions are met, you may also be entitled to invoke binding arbitration before a Privacy Shield Panel for residual claims about whether Chartbeat has violated its obligations to you under the Privacy Shield, and if that violation remains fully or partially unremedied.
For individuals in the United Kingdom, we have appointed a UK based representative to serve as a direct contact for data protection authorities and individuals on our behalf, who can be contacted at email@example.com or MCF Legal Technology Solutions (UK) Limited, Tower 42 Level 38C, 25 Old Broad St, London EC2N 1HQ, United Kingdom.