Sign In
Get a Demo

Chartbeat Privacy Policy

Effective Date: January 29, 2025

This privacy policy (the “Privacy Policy”) describes how Chartbeat, Inc. (“Chartbeat”, “we”, “our” or “us”) collects and uses Personal Data (defined below) for which Chartbeat acts as a data controller under applicable privacy laws. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information,” “personal information,” or “personal data” under applicable data privacy laws, rules, or regulations.

Please read this Privacy Policy carefully – by visiting our website(s) including www.chartbeat.com (the “Site”) or using the Chartbeat Services, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and disclose your information as described in this Privacy Policy.

Remember that your use of the Chartbeat Services is at all times subject to our Terms of Service and the applicable Work Order. Capitalized terms used here and defined in the Terms of Service shall have the meanings set forth in the Terms of Service.

This Privacy Policy only addresses activities on our Site and Chartbeat Services. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage. If you are a visitor of one of our Customer’s websites that utilize the Chartbeat Services, we process your Personal Data on behalf of such Customer as a “data processor.” For additional information, please see the “Personal Data We Process as a Data Processor” section below.

If you have any questions or comments regarding this Privacy Policy, please contact us at privacy@chartbeat.com. Where appropriate, we may refer you to our Customer in respect of any queries relating to the Customer as the data controller.

You may print a copy of this Privacy Policy by clicking here.

Privacy Policy Table of Contents:

  1. Notification of Changes
  2. Sources of Information
  3. Personal Data
    1. What Personal Data We Collect and How We Use It
    2. Personal Data We Process as a Data Processor
    3. Cookies
  4. Our Legal Bases and Commercial or Business Purposes for Collecting Personal Data
  5. Disclosure of Information to Third Parties
  6. Your Rights
    1. European Union, United Kingdom, and Swiss Residents
    2. U.S. Residents
  7. Links to Third Party Websites
  8. Privacy Protection for Children
  9. Security
  10. Location and Storage of Personal Data
  11. Contact Us
1. NOTIFICATION OF CHANGES

We may make changes to this Privacy Policy from time to time. We will notify you of any material changes to this Privacy Policy by placing a notice on our website or other aspect of the Chartbeat Services, sending you an email, or by other reasonable means.

2. SOURCES OF INFORMATION

We may collect Personal Data about you from:

  • You: When you provide such information directly to us, and when Personal Data about you is automatically collected in connection with your use of the Chartbeat Services.
  • Third parties: When third parties provide us with Personal Data about you (“Third Parties”). Third Parties that share your Personal Data with us include:
    • Service Providers. For example, we may use analytics service providers to analyze how you interact and engage with the Chartbeat Services, or third parties may help us provide you with customer support.
    • Social networks connected to the Chartbeat Services. If you provide your social network account credentials to us or otherwise sign in to the Chartbeat Services through a third party site or service, you understand some content and/or information in those accounts may be transmitted into your Account with us.
    • Advertising partners. We may receive Personal Data about you from some of our service providers who assist us with marketing or promotional services related to how you interact with our websites, applications, products, services, advertisements or communications.
    • Our affiliates. We may receive information about you from our affiliates, which can be used to enhance the Chartbeat Services for Customers.
3. PERSONAL DATA
  1. What Personal Data We Collect and How We Use It

The following tables describe the kinds of Personal Data we may collect about you and our business or commercial purposes for collecting such information. One or more tables may apply to you depending on your relationship with us.

Visitors: We may collect, or may have collected over the past 12 months, the following categories of Personal Data about you if you visit our Site, sign up for our marketing materials, or otherwise engage with us before becoming a Customer (“Visitor”):

Category of Personal DataBusiness or Commercial Purpose(s) for CollectionCategories of Third Parties To Whom We Disclose Personal Data
Personal Identifiers such as name, account name, email address• Providing, Customizing and Improving the Chartbeat Services
• Marketing the Chartbeat Services
• Corresponding with You		• Service Providers
• Advertising Partners
• Analytics Partners
• Affiliates
• Business Partners
• Parties You Authorize, Access or Authenticate
Internet or Other Similar Network Activity such as browsing history, IP address, web page interactions, referring webpage/source through which you accessed the Chartbeat Services, non-identifiable request IDs, and statistics associated with the interaction between device or browser and the Chartbeat Services• Providing, Customizing and Improving the Chartbeat Services
• Marketing the Chartbeat Services
• Corresponding with You		• Service Providers
• Advertising Partners
• Analytics Partners
• Affiliates
• Business Partners
• Parties You Authorize, Access or Authenticate
Device/IP Data such as IP address, device ID, domain server, and type of device/ operating system/ browser used to access the Chartbeat Services• Providing, Customizing and Improving the Chartbeat Services
• Marketing the Chartbeat Services
• Corresponding with You		Service Providers
• Advertising Partners
• Analytics Partners
• Affiliates
• Business Partners
• Parties You Authorize, Access or Authenticate
Other Identifying Information that You Voluntarily Choose to Provide such asemails, letters, texts, or other communications you send us• Providing, Customizing and Improving the Chartbeat Services
• Marketing the Chartbeat Services
• Corresponding with You		• Service Providers
• Parties You Authorize, Access or Authenticate

Customers: If you are a customer, we collect, or have collecte over the past 12 months, the following categories of Personal Data about you:

Category of Personal DataBusiness or Commercial Purpose(s) for CollectionCategories of Third Parties With Whom We Disclose this Personal Data
Personal identifiers such as name, account name, email address, phone number, business postal address, user ID, password• Providing, Customizing and Improving the Chartbeat Services
• Marketing the Chartbeat Services
• Corresponding with You		• Service Providers
• Analytics Partners
• Affiliates
• Business Partners
• Parties You Authorize, Access or Authenticate
Payment Data  such as financial account information, payment card type, last 4 digits of payment card, and billing address, phone number, and email                     • Providing, Customizing and Improving the Chartbeat Services  • Service Providers (specifically our payment processing partners, currently PayPal, Inc. (“PayPal”) and  BlueSnap, Inc. (“BlueSnap”)
Device/IP Data such as IP address, device ID, domain server, and type of device/ operating system/ browser used to access the Chartbeat Services• Providing, Customizing and Improving the Chartbeat Services
• Marketing the Chartbeat Services
• Corresponding with You		• Service Providers
• Analytics Partners
• Affiliates
• Business Partners
• Parties You Authorize, Access or Authenticate
Commercial Data such as purchase history• Providing, Customizing and Improving the Chartbeat Services
• Marketing the Chartbeat Services
• Corresponding with You		• Service Providers
• Affiliates
• Business Partners
• Parties You Authorize, Access or Authenticate
Professional or Employment-Related Data such as job title• Providing, Customizing and Improving the Chartbeat Services
• Marketing the Chartbeat Services
• Corresponding with You		• Service Providers
• Affiliates
• Business Partners
• Parties You Authorize, Access or Authenticate
Other Identifying Information that You Voluntarily Choose to Provide such asemails, letters, texts, or other communications you send us• Providing, Customizing and Improving the Chartbeat Services
• Corresponding with You		• Service Providers
• Parties You Authorize, Access or Authenticate
  • Personal Data That We Process as a Data Processor

We process certain Personal Data (including as may be collected via on our Customers’ websites) as a data processor in connection with the Chartbeat Services. The Customer whose website you visited is the “data controller” of such Personal Data. Since we don’t control this Personal Data, we may direct you to contact such Customer directly with inquiries about your Personal Data or to exercise any rights afforded to you under applicable law.

In connection with providing the Chartbeat Services to a Customer, we use cookies on a Customer’s website depending on how the Customer configures such cookies. We do not control the Personal Data that a Customer chooses to collect through use of the Chartbeat cookies. We may use Personal Data collected through cookies on a Customer’s website to provide the Chartbeat Services, or for systems administration, abuse prevention, or as otherwise permitted under our agreement with such Customer. For additional information about the Personal Data collected by a website using a Chartbeat cookie, please see the privacy policy posted on the website you visited.

Like most websites, our Site places cookies, pixel tags, web beacons or similar technology (“Cookies”) that serve various purposes, as described below, including to enable our servers to recognize your web browser, tell us how and when you visit and use the Chartbeat Services, analyze trends, learn about our user base and operate and improve the Chartbeat Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone or similar device when you use that device to access the Chartbeat Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s).

Please note that because of our use of Cookies, the Chartbeat Services do not support “Do Not Track” requests sent from a browser at this time. As described further above, we also may place Cookies on our customers’ websites in connection with the Chartbeat Services.

If you are a Visitor (as defined above), we use the following types of Cookies:

  • Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of the Chartbeat Services. Disabling these Cookies may make certain features and services unavailable.
  • Personalization Cookies. Personalization Cookies are used to record your choices and settings regarding the Chartbeat Services, maintain your preferences over time and recognize you when you return to the Chartbeat Services. These Cookies help us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Analytics Cookies. Performance/Analytical Cookies allow us to understand how Visitors use the Chartbeat Services. They do this by collecting information about the number of Visitors to the Chartbeat Services, what pages Visitors view on our Chartbeat Services and how long Visitors are viewing pages on the Chartbeat Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Chartbeat Services’ content for those who engage with our advertising. For example, Google LLC (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and disclose information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of Cookies by visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.
  • Targeted Advertising Cookies. Targeted Advertising Cookies collect data about your online activity and identify your interests for the purposes of serving advertising that might interest you and may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Targeted Advertising”). For more information about Targeted Advertising, please see the section below titled “Information about Targeted Advertisements.”

If you are a Customer, we use the following types of Cookies:

  • Essential, Personalization, and Performance/Analytical Cookies. We use Essential Cookies and Personalization Cookies to allow Customers to login without entering their user ID and password each time they use the Chartbeat Services and to otherwise provide the Chartbeat Services. [We also use Analytics Cookies to understand how Customers are using the Chartbeat Services, what pages Customers view on our Chartbeat Services and how long Customers are viewing pages on the Chartbeat Services. Analytics Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising.]
  • We do not collect Personal Data from Customers through Targeted Advertising cookies or otherwise engage in Targeted Advertising for Customers, except to the limited extent such Customer is a Visitor.

Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. With respect to cookies on our Site, you can also explore what cookie settings are available to you or modify your preferences with respect to cookies via cookie management settings by clicking “Your Privacy Settings[Author11] ” in the footer of the Site or by implementing the Global Privacy Control. If a Customer disables cookies, it will not be able to use the data tracking capabilities of the Chartbeat Services.

Information about Targeted Advertisements

We may serve targeted advertisements, and also allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the Site. Information for Targeted Advertising (including Personal Data) may be provided to us by you, or derived from the usage patterns of particular users on the Site and/or services of third parties. Such information may be gathered through tracking users’ activities across time and unaffiliated properties, including when you leave the Site. To accomplish this, we or our service providers may deliver Cookies, including a file (known as a “web beacon”) from an ad network to you through the Site. Web beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Web beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their site.

4. OUR COMMERCIAL OR BUSINESS PURPOSES AND LEGAL BASES FOR USE OF YOUR PERSONAL DATA

Visitors

  • Providing, Customizing and Improving the Site and the Chartbeat Services
    • Providing you with the Site or information you request.
    • Meeting or fulfilling the reason you provided the information to us.
    • Operating and providing support and assistance for the Site.
    • Improving the Site and the Chartbeat Services, including testing, research, internal analytics and product development.
    • Personalizing the Site, its content and communications based on your preferences.
    • Doing fraud protection, security and debugging.
    • Carrying out other business purposes stated when collecting your Personal or as otherwise set forth in applicable U.S. state privacy laws such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (the “CCPA” and collectively with other applicable U.S. state privacy laws, the “U.S. State Privacy Laws”).
  • Marketing the Chartbeat Services
    • Marketing and selling the Chartbeat Services.
    • Showing you advertisements, including interest-based, online behavioral or targeted advertising.
  • Corresponding with You
    • Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Chartbeat or the Chartbeat Services.
    • Sending emails and other communications according to your preferences.

Customers

  • Providing, Customizing and Improving the Site and the Chartbeat Services
    • Creating and managing your account or other user profiles.
    • Processing orders or other transactions; billing.
    • Providing you with the products, services or information you request.
    • Meeting or fulfilling the reason you provided the information to us.
    • Providing support and assistance for the Chartbeat Services.
    • Improving the Chartbeat Services, including testing, research, internal analytics and product development.
    • Personalizing the Chartbeat Services, website content and communications based on your preferences.
    • Doing fraud protection, security and debugging.
    • Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in the U.S. State Privacy Laws.
  • Corresponding with You
    • Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Chartbeat or the Chartbeat Services.
    • Sending emails and other communications according to your preferences.

Processing Grounds under the GDPR

If you are a resident of the EU, UK, or Switzerland, we will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.

  • Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Service with you, which enables us to provide you with the Chartbeat Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Chartbeat Services that require such data.
    • Visitors: Personal Identifiers, Device/IP data, and Other Identifying Information that You Voluntarily Choose to Provide.
    • Customers: Personal Identifiers, Payment Data, and Other Identifying Information that You Voluntarily Choose to Provide.
  • Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties:
    • Visitors: Internet or Other Similar Network Activity and Device/IP Data.
    • Customers: Device/IP Data, Commercial Data, and Professional or Employment-Related Data.
    • We may also de-identify or anonymize Personal Data to further our legitimate interests, as described further below.

Examples of these legitimate interests include (as described in more detail above):

  • Providing, customizing and improving the Chartbeat Services.
    • Marketing the Chartbeat Services.
    • Corresponding with you.
    • Meeting legal requirements and enforcing legal terms.
    • Completing corporate transactions.
  • Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
  • Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

Other Permitted Purposes for Processing Personal Data

In addition, each of the above referenced categories of Personal Data may be collected, used, and disclosed with the government, including law enforcement, or other parties to meet certain legal requirements and enforcing legal terms including: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, Chartbeat or another party; enforcing any agreements with you; responding to claims that any posting or other content violates third-party rights; and resolving disputes.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice or obtaining your consent.

5. DISCLOSURE OF INFORMATION TO THIRD PARTIES

We may disclose your Personal Data as described in this section, or with your express consent.

Service Providers

These parties help us provide the Chartbeat Services or perform business functions on our behalf. They include:

  • Hosting, technology and communication providers.
  • Analytics providers for web traffic or usage of the site.
  • Security and fraud prevention consultants.
  • Support and customer service vendors.
  • Product fulfillment and delivery providers.
  • Payment processors.
    • Our payment processing partners, PayPal and BlueSnap, collect your voluntarily-provided payment card information necessary to process your payment.
    • Please see PayPal or BlueSnap terms of service and privacy policy for information on its use and storage of your Personal Data.

Affiliates and Business Partners

We may disclose certain Personal Data to our corporate affiliates or parties that partner with us in offering various services, including businesses that you have a relationship with or companies that we partner with to offer joint promotional offers or opportunities.

Additionally, Chartbeat may partner with Business Partners in offering various services, including businesses that you have a relationship with and companies that we partner with to offer joint promotional offers or opportunities.

Third Parties You Authorize, Access or Authenticate

Solely at your direction or based on your authorization or use, we may disclose certain Personal Data to third parties you access through the services, including social media services.

Legal Obligations

We may disclose any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Other Permitted Purposes for Processing Personal Data” section above.

Voluntary Public Disclosure by You of Personal Data

Please be aware that whenever one voluntarily discloses Personal Data online – e.g., on message boards, in chat areas, in file uploads, through events, etc. – that information becomes public and can be collected and used by others and indexed in search engines. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly disclosed Personal Data. By posting Personal Data online in public forums, users may receive unsolicited messages from other parties.

Aggregated and Anonymized Data

Chartbeat may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Chartbeat Services and promote our business, provided that we will not share such data in a manner that could identify you.

6. YOUR RIGHTS

You may exercise your rights with us in accordance with this section. Please note that your rights may be subject to additional requirements, conditions, or exceptions in accordance with applicable law.

If you have any questions about your rights, please reach out to privacy@chartbeat.com.

You may receiving marketing communications from us, for instance, when you register for the Chartbeat Services or visit the Site. If you would like to opt-out of such communications, you may unsubscribe in the link provided in any email communication.

  1. European Union, United Kingdom, and Swiss Residents

If you are a European Union (“EU”), United Kingdom (“UK”), or Swiss resident, you have certain rights pursuant to applicable law, such as the General Data Protection Regulation (the “GDPR”), as set forth below. If there are any conflicts between this this section and any other provision of this Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict.

If you have any questions about this section, whether any of the following applies to you, or the rights described below, or to submit a request regarding your Personal Data, please contact us at privacy@chartbeat.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

EU, UK, and Swiss Resident Rights

  • Access:  You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging on to your account.
  • Rectification:  If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging on to your account.
  • Erasure:  You can request that we erase some or all of your Personal Data from our systems.
  • Withdrawal of Consent:  If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of the Chartbeat Services.
  • Portability:  You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
  • Objection:  You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
  • Restriction of Processing:  You can ask us to restrict further processing of your Personal Data.
  • Right to File Complaint:  You have the right to lodge a complaint about Chartbeat’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

Transfers of Personal Data

The Chartbeat Services are hosted and operated in the United States (“U.S.”) through Chartbeat and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Chartbeat Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Chartbeat in the U.S. and will be hosted on U.S. servers, and you authorize Chartbeat to transfer, store and process your information to and in the U.S., and possibly other countries. In some circumstances, your Personal Data may be transferred to the U.S. pursuant to a data processing agreement incorporating standard data protection clauses and/or the Data Privacy Framework(s), as discussed below.

Data Privacy Framework

Chartbeat and its subsidiary Tubular Labs, Inc. (“Tubular”) comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, the “DPF”) as set forth by the U.S. Department of Commerce. Chartbeat and Tubular have certified to the U.S. Department of Commerce that we they adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) and applicable principles under the UK-U.S. DPF (“UK-U.S. DPF Principles”) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK-U.S. DPF. Chartbeat and Tubular have certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF (with the EU-U.S. DPF Principles and the UK-U.S. DPF Principles, collectively, the “DPF Principles”). If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The Federal Trade Commission has jurisdiction over Chartbeat’s compliance with the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF. This Privacy Policy describes the types of Personal Data we collect, the purposes for which we collect and use your Personal Data, and the purposes for which we disclose your Personal Data to certain types of third parties in the sections above. Pursuant to the DPF, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain Personal Data relating to you in the U.S. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the U.S. under DPF, should direct their query to privacy@chartbeat.com. If requested to remove data, we will respond within a reasonable timeframe. This Privacy Policy has additional information about the rights afforded to you.

We will provide you with the choice to opt-out from the sharing of your Personal Data, with any third parties (other than our agents or those that act on our behalf or under our instruction), or before we use it for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized.

In addition to any other disclosures described in this Privacy Policy, in certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Chartbeat’s accountability for Personal Data that we receive in the U.S. under the DPF and subsequently transfer to a third party acting as an agent on our behalf is described in the DPF Principles. In particular, we remain liable under the DPF Principles if our agents process Personal Data in a manner inconsistent with the DPF Principles, unless Chartbeat proves that we are not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF, Chartbeat commits to DPF Principles-related complaints about our collection and use of your Personal Data. European Union, United Kingdom, or Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF should first contact Chartbeat at privacy@chartbeat.com.

Chartbeat has further committed to refer unresolved privacy complaints under the DPF Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For more information, see Annex 1 of the DPF Principles, located at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

B. U.S. Residents

If you reside in certain U.S. states, you may have certain rights afforded to you (as described below) depending on your state of residence. Please see the “Exercising Your U.S. State Privacy Law Rights” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data. Please note that your rights may be subject to certain conditions or exceptions in accordance applicable U.S. State Privacy Laws.

If you have any questions about this section or whether any of the following rights apply to you, please contact us at privacy@chartbeat.com.

  • Access. You may have the right to request confirmation of or access to the Personal Data that we process about you. You can also request access to a portable copy of your Personal Data. If you are an Oregon resident, you also have the right to request a list of specific third parties, other than natural persons, to which we have disclosed Personal Data.
  • Deletion. You may have the right to request that we delete the Personal Data that we have collected about you.
  • Correction. You may have the right to request that we correct any inaccurate Personal Data we have collected about you.
  • Portability. You may have the right to request a copy of your Personal Data in a machine-readable format, to the extent technically feasible.
  • Selling/Sharing/Targeted Advertising. We do not “sell” or “share” your Personal Data, except to the extent you are a Visitor.
    • If you are a Visitor, depending on your state of residence, you may have the right to opt out from the (1) selling, (2) sharing, or (3) processing for the purposes of targeted advertising of your Personal Data. These or similar terms may be defined differently depending the applicable U.S. State Privacy Law. For clarity, when we use the term “sell,” we mean for valuable consideration and not for any monetary value.
    • If you have the right to opt-out of the sale or share of your Personal Data, you can do so by following the instructions in the “Exercising Your U.S. State Privacy Law Rights” section. Once you have submitted an opt-out request, we will not ask you to reauthorize the sale of your Personal Data for at least 12 months.
    • We may sell or share your Personal Data as a Visitor to or with the following categories of third parties:
      • Ad networks and marketing providers.
    • Over the past 12 months, we may have sold or shared the following categories of your Personal Data, solely to the extent you are a Visitor and only to categories of third parties listed above:
      • Personal Identifiers and Internet or Other Similar Network Activity Information.
    • To our knowledge, we do not sell or share the Personal Data of minors under 16 years of age

We Will Not Discriminate Against You for Exercising Your Rights Under the U.S. State Privacy Laws

We will not discriminate against you for exercising your rights under the U.S. State Privacy Laws. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the U.S. State Privacy Laws. However, we may have different tiers of the Chartbeat Services as allowed by applicable data protection laws (including the U.S. State Privacy Laws) with varying prices, rates, or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.

Exercising Your U.S. Privacy Rights

To exercise the rights described in this Privacy Policy, you or, if permitted by applicable U.S. State Privacy Laws, your Authorized Agent (defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data (such as your Contact or Profile Data), and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within the time period required by applicable privacy laws. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

Request to Opt-Out of Sale, Share, and/or Targeted Advertising

As applicable, you may opt-out from any “sales,” “shares,” or targeted advertising through Cookies, by using the following methods:

  • By accessing your cookie consent mechanism by accessing “Your Privacy Settings” at the bottom left of our website.
  • By implementing the Global Privacy Control or similar universal privacy control that is legally recognized by a government agency or industry standard and that complies with applicable U.S. State Privacy Laws. The signal issued by the control must be initiated by your browser and applies to the specific device and browser you use at the time you cast the signal.

Request to Access, Delete, or Correct

As applicable, you may submit a Valid Request for any other rights afforded to you in this Privacy Policy by emailing us at: privacy@chartbeat.com.

For residents of certain states, you may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.

Appealing a Denial

If we refuse to take action on your request within a reasonable period of time after receiving your request in accordance with this section, you may appeal our decision if permitted by applicable U.S. State Privacy Laws. In such appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original request pertains and to identify the original request, and (2) provide a description of the basis of your appeal. Please note that your appeal will be subject to your rights and obligations afforded to you under the U.S. State Privacy Laws (as applicable). We will respond to your appeal within the time period required under the applicable law. You can submit a Verified Request to appeal by emailing us at: privacy@chartbeat.com (title must include “[STATE OF RESIDENCE] Appeal”).


If we deny your appeal, in certain states you have the right to contact the Attorney General of your State, including by the following links: Colorado, Connecticut, Montana, Oregon, Texas, and Virginia.

Our Site may contain links to third party websites. Please be aware that we are not responsible for the privacy practices of third party websites you choose to visit. If you provide any Personal Data directly to parties other than us, different rules may apply to the use or disclosure of that Personal Data. We encourage you to investigate and ask questions before disclosing your Personal Data to third parties.

8. PRIVACY PROTECTION FOR CHILDREN

In compliance with the Children’s Online Privacy Protection Act (COPPA) and applicable data protection laws, we do not knowingly provide access to the Chartbeat Services to persons under the age of eighteen (18). If we learn that any user of the Chartbeat Services is under the age of eighteen (18), we will take appropriate steps to remove that user’s information from our records and we will restrict that individual from future access to the Chartbeat Services. Please contact us at privacy@chartbeat.com if you are aware that we may have inadvertently collected Personal Data from a child.

9. SECURITY AND RETENTION

We have implemented security measures to protect information from loss, misuse and alteration. We use industry-standard practices such as encrypted storage, firewalls and password protection systems to safeguard the confidentiality of Personal Data which is collected and used in accordance with this Privacy Policy. Each of our employees and agents are aware of our security policies; Personal Data is only available to those employees and agents who need it to perform their jobs.

We keep your Personal Data for no longer than necessary for the purposes for which the Personal Data is processed. The length of time for which we retain Personal Data depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

Except as required by applicable laws or in order to defend any actual or possible legal claims, we will take reasonable steps to return or irretrievably delete all Personal Data processed on behalf of our Customers when it is no longer required to exercise or perform our rights or obligations under our Terms of Service (provided that we may retain Customer’s employee/users’ Personal Data to provide future notices to Customer and respond to future Customer or legal inquiries).

10. HR DATA

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Chartbeat commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

11. CONTACT US

If you have any questions or complaints about how we use your Personal Data, or if you would like to request access to your information in accordance with this Privacy Policy, please contact Chartbeat at privacy@chartbeat.com, or Chartbeat, Inc. at 701 Tillery Street, Unit 12-1019, Austin, Texas 78702.

Individuals and the data protection supervisory authorities in the EU/EEA and individuals and the data protection supervisory authority (“ICO”) in the UK may also contact our data protection representatives according to Article 27 GDPR:

EU: DP-Dock GmbH, Attn.: Chartbeat, Ballindamm 39, 20095 Hamburg, Germany

UK: DP Data Protection Services UK Ltd., Attn.: Chartbeat, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

www.dp-dock.com

chartbeat@gdpr-rep.com

You may also make a complaint to the UK Information Commissioner’s Office or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.