Effective Date: December 31, 2019
Chartbeat is a company with offices at 826 Broadway, 6th Floor, New York, New York 10003. We are the data controller of the Personal Data that We collect about Chartbeat Site Visitors and about Our Customers. We are the data processor of the Personal Data that We collect about Customer Visitors.
You have various rights in respect of Our use of your Personal Data as set out in section 7. You can find out more information in section 7.
If We make any material changes in Our privacy practices that do not affect Personal Data already collected and stored by Us, We will post a notice on Our Site notifying users and/or Customers of the change.
We collect Personal Data about you from:
We use the information We collect from Chartbeat Site Visitors, Chartbeat Customers, and Customer Visitors to create a secure and personalized service.
The following chart details the categories of Personal Data that we collect and have collected from Chartbeat Site Visitors over the past twelve (12) months.
Category of Personal Data
Personal Data Collected
What is the source of this Personal Data?
Examples: Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number or other similar identifiers.
Name, account name, email address, IP address, business postal address.
You or your Chartbeat account's administrator
Customer records identified by state law (including the California Customer Records statute (Cal. Civ. Code § 1798.80(e)))
Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number or any other financial information, medical information or health insurance information.
Name, employment records, credit card numbers
You or your Chartbeat account's administrator
Internet or other similar network activity information
Examples: Browsing history, search history, or information on a consumer's interaction with a website, application or advertisement.
Browsing history on our website or applications.
Examples: Physical location or movements.
We collect approximate location data based on a user's anonymized IP address.
For Customers specifically, We collect and store Personal Data that Our Customers submit to Us, such as their names and e-mail addresses and billing information, to allow Us to identify Customers, provide the Service and notify Customers of changes or updates to the Service.
If a Customer elects to provide it, We also collect and store the Customer's phone number, which We use to assist Us in providing the Service, including to contact them in account recovery and other scenarios.
We also collect other information from Customers, such as IP address and browser type. We use the IP addresses of Customers to assist in login and other uses related to Customers' use of the Service. Customers' sessions on Our Site are also tracked for systems administration purposes and to track user trends. We may link IP address and other information to a Customer's account.
We also collect Customers' user ID and password information to enable them to log into and use the Service.
Finally, Customers are automatically opted-in to receive marketing emails from us when they register for the Service. Customers can opt-out of marketing emails by utilizing the unsubscribe links provided therein, but We may still need to send Customers e-mails relating to their accounts.
For Customer Visitors, when a Customer Visitor visits a Customer Website, We collect certain information regarding their use of the Customer Website, such as their IP address and browser type on behalf of our Customer. Their session on the Customer Website will be tracked. We may use their IP address to identify the general geographic area from which they are accessing the Customer Website. We remove the last octet of the IP address and therefore do not store IP addresses or link IP addresses to any Personal Data. We also use this information for systems administration purposes, abuse prevention and to track user trends in connection with Our provision of the Service.
As part of the Service, We collect information relating to traffic on the Customer Websites ("Traffic Data") on which Customers choose to activate the Service. In connection with the collection of this Traffic Data, Chartbeat does not collect any Personal Data from Customer Visitors, (i) so long as the Customer configures the Chartbeat code on the Customer Website in accordance with the instructions and documentation provided by Us, so that URLs containing Personal Data of Customer Visitors are not captured by the Service, and (ii) provided that We do collect IP addresses from Customer Visitors in order to show geolocation information but We remove the last octet of the IP address and therefore do not store IP addresses in a manner that would permit personal identification.
Traffic Data is used to provide Customers with real-time analytics and uptime monitoring. We may aggregate and anonymize Traffic Data with that from other sites to provide benchmarking data and other functionality, but We will not use or disclose aggregated Traffic Data in a manner that reveals the identity of a Customer or Customer Website without the Customer's express prior consent.
We also collect first party cookie IDs on behalf of Customers. Chartbeat code, by default, sets and reads a cookie on the Customer's website domain containing a randomly-generated user ID for purposes of determining unique visitor counts and visitors' loyalty to a site. Such information can be classified as Personal Data under the European General Data Protection Regulation but it is not stored in a manner that would permit personal identification.
We also collect and use browser header information to help Us understand from which websites a Customer Visitor navigates to a Customer Website.
Our use of your Personal Data is necessary:
2. for Our legitimate interests or business purposes (for example, to ensure the security of Our Site). Our legitimate interests and business purposes are to: (i) run, grow and develop Our business; (ii) operate our Site; (iii) analyze the use of Our Site and make improvements; (iv) identify visitors, administer the Service; (v) make product decisions; (vi) notify visitors of changes or updates to the Site; (vii) for systems administration purposes; and (viii) to track visitor trends.
Our use of your Personal Data is necessary:
2. for Our legitimate interests or the legitimate interests of others (for example to ensure the security of Our Site). Our legitimate interests are to: (i) run, grow and develop Our business; (ii) operate Our Site; (iii) allow Us to identify Customers; (iv) provide the Service; (v) notify Customers of changes or updates to the Service; (vi) contact you in account recovery and other scenarios; (viii) assist in login and other uses related to Customers' use of the Service; (ix) perform systems administration activities; (x) track visitor trends; (xi) enable you to log into and use the Service; (xii) send marketing emails; (xiii) send account related emails.
3. If we rely on your consent for us to use your Personal Data in a particular way, but you later change your mind, you may withdraw your consent by contacting us at email@example.com and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide Our Services.
If We rely on Our legitimate interests for using Personal Data, We will undertake a balancing test to ensure that Our legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the Personal Data. You can ask Us for information on this balancing test by contacting us at firstname.lastname@example.org.
For Customers and Customer Visitors, We may aggregate and anonymize Traffic Data with that from Our other Customers to provide benchmarking data and other functionality, but we will not disclose aggregated Traffic Data in a manner that reveals the identity of a Customer or a Customer Website without the Customer's express prior consent.
For all types of Personal Data (from Chartbeat Site Visitors, Customers and Customer Visitors), We employ other companies and people to perform tasks on Our behalf and may need to share Personal Data with them to provide Our products and services. Examples include billing, technical assistance, and customer service. Our agents subscribe to the same level of privacy protection as we do. Unless we tell you differently, Chartbeat's agents do not have any right to use the Personal Data we share with them beyond what is necessary to assist us. Any agent that we share your Personal Data with must agree, via contract, to provide adequate protections for the Personal Data that are no less protective than those set out in this policy.
Chartbeat may be required to disclose Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, prevent illegal activity, or comply with any legal obligation.
We may disclose your Personal Data to third parties in order to enforce or apply Our Terms of Service, or any other agreement or to respond to any claims, to protect Our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity.
We may disclose your Personal Data to protect the rights, property, or safety of Chartbeat, Our staff, Our Customers or other persons. This may include exchanging Personal Data with other organizations for the purposes of fraud protection.
In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, Chartbeat remains potentially liable if a third party processing Personal Data received from the European Union or Switzerland on its behalf processes that Personal Data in a manner which is inconsistent with the Privacy Shield Principles (unless Chartbeat can prove that it is not responsible for the event giving rise to the damage).
We keep your Personal Data for no longer than necessary for the purposes for which the Personal Data is processed. The length of time for which We retain Personal Data depends on the purposes for which We collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend Our legal rights.
Except as required by applicable laws or in order to defend any actual or possible legal claims, We will take reasonable steps to return or irretrievably delete all personal data processed on behalf of Our Customers when it is no longer required to exercise or perform Our rights or obligations under Our Terms of Service, and in any event within 90 days of expiry or termination of Our Terms of Service.
If at any time We would like to disclose your Personal Data to a third party in a manner not described above, We will provide you with an affirmative or explicit (opt in) choice. To limit the use and disclosure of your Personal Data, you may also submit a written opt-out request to email@example.com. Customer Visitors specifically have the right to opt out of data tracking by visiting https://static.chartbeat.com/opt-out.html
As noted above in relation to Our Customers specifically, Customers are automatically opted-in to receive marketing emails from us when they register for the Service. Customers may choose not to receive marketing emails from Us and can opt out of such e-mails by utilizing the unsubscribe links provided therein.
In addition, you have certain rights in relation to your Personal Data. If you would like further information in relation to these or would like to exercise any of them, please contact Us via email at firstname.lastname@example.org at any time.
Please note that We do not retain IP addresses, browser information or header information relating to Customer Visitors for more than a temporary period of time in order to provide the Service, and as such, that information cannot be accessed or modified once deleted.
You have the following rights; however, if you are a Customer Visitor, except as may otherwise be set forth below, you must exercise these by contacting the Customer which operates the Customer Website that you are visiting and which gives rise to your right to exercise:
You have a right of access to any Personal Data We hold about you. You can ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for a copy of your Personal Data; confirmation as to whether your Personal Data is being used by Us; details about how and why it is being used; and details of the safeguards which are in place if We transfer your information outside of the United Kingdom or the European Economic Area ("EEA").
You have a right to request an update to any of your Personal Data which is out of date or incorrect.
You have a right to ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) to delete any Personal Data which is being held about you in certain specific circumstances. You can ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for further information on these specific circumstances. When applicable, contact Us at email@example.com.
We will pass your request onto other recipients of your Personal Data unless that is impossible or involves disproportionate effort. You can ask Us who the recipients are, by contacting us at firstname.lastname@example.org.
You have a right to ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) to restrict the way that We process your Personal Data in certain specific circumstances. You can ask Us (or if you are a Customer Visitor, the Customer which operates the Customer Website that you are visiting) for further information on these specific circumstances. Contact Us at email@example.com.
We will pass your request onto other recipients of your Personal Data unless that is impossible or involves disproportionate effort. You can ask Us who the recipients are by contacting us at firstname.lastname@example.org.
You have a right to ask Us to stop using your Personal Data for direct marketing purposes. If you exercise this right, We will stop using your Personal Data for this purpose. In any event, we do not use Customer Visitor Personal Data for this purpose.
You have a right to ask Us to provide your Personal Data to a third party provider of services.
This right only applies where We use your Personal Data on the basis of your consent or performance of a contract; and where Our use of your information is carried out by automated means.
You have a right to ask Us to consider any valid objections which you have to Our use of your Personal Data where We process your Personal Data on the basis of Our or another person's legitimate interest.
We will consider all such requests and provide Our response within a reasonable period (and in any event within one month of your request unless We tell you We are entitled to a longer period under applicable law). Please note, however, that certain Personal Data may be exempt from such requests in certain circumstances, for example if We need to keep using the information to comply with Our own legal obligations or to establish, exercise or defend legal claims. If an exception applies, We will tell you this when responding to your request. We may request you provide Us with information necessary to confirm your identity before responding to any request you make. Further, if you are a Customer Visitor, you may be required to make your request by contacting the Customer which operates the Customer Website that you are visiting and which gives rise to your request.
The following details the categories of Personal Data that we collect and have collected over the past twelve (12) months from Chartbeat Site Visitors: personal identifiers; customer records identified by state law (including the California Customer Records statute (Cal. Civ. Code § 1798.80(e))); internet or other similar network activity information; and geolocation data.
Over the past twelve (12) months, we have disclosed the following categories of Personal Data from Chartbeat Site Visitors to service providers or other parties for business purposes: personal identifiers; customer records identified by state law (including the California Customer Records statute (Cal. Civ. Code § 1798.80(e))); internet or other similar network activity information; and geolocation data.
Over the past twelve (12) months, we have not sold your Personal Data, as the term "sell" is defined in the California Consumer Privacy Act ("CCPA").
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. We will provide you with the following information as a Chartbeat Site Visitor:
You have the right to request that we delete the Personal Data that we have collected from you as a Chartbeat Site Visitor. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Exercising Your Rights
To exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a "Valid Request." We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify you and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following methods:
• Call us at: (646) 786-8472
• Email us at: email@example.com
We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA.
We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may have different tiers of Services as allowed by applicable data protection laws (including the CCPA) with varying prices, rates, or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
k. Nevada Residents. If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell your Personal Data. You can exercise this right by contacting us at firstname.lastname@example.org with the subject line "Nevada Do Not Sell Request" and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Data (as sales are defined in Nevada Revised Statutes Chapter 603A).
Like many other websites, We use a standard technology called "cookies."
Cookies are small pieces of information stored on your hard drive. They can help make the Internet experience quicker and more convenient.
Cookies allow Customers to login without entering their user ID and password each time they use the Service.
If a Customer does not allow the placement of Chartbeat cookies on its Customer Website, the "new vs. returning user" data point in its Chartbeat dashboard will not be accurately reported. If you choose to remove Chartbeat cookies, please refer to the documentation for your browser.
Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. If a Customer disables cookies, it will not be able to use the data tracking capabilities of the Service.
Chartbeat uses several cookies:
Our Site may contain links to third party websites. Please be aware that We are not responsible for the privacy practices of third party websites you choose to visit. If you provide any Personal Data directly to parties other than Us, different rules may apply to the use or disclosure of that Personal Data. We encourage you to investigate and ask questions before disclosing your Personal Data to third parties.
We may choose to deploy advertising on the Site and Service that is delivered to Chartbeat Visitors and Customers through a third party's advertising server. Information about Chartbeat Visitors and Customers' use of Our Service, such as the number of times a visitor has viewed an ad (but no Personal Data of the user), would be used in such a scenario to serve ads to Chartbeat Visitors and Customers.
Please be aware that whenever one voluntarily discloses Personal Data online - e.g., on message boards, in chat areas, in file uploads, through events, etc. - that information becomes public and can be collected and used by others and indexed in search engines. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly disclosed Personal Data. By posting Personal Data online in public forums, users may receive unsolicited messages from other parties.
In compliance with the Children's Online Privacy Protection Act (COPPA) and applicable European data privacy laws, We do not knowingly provide access to the Service to persons under the age of eighteen (18). If We learn that any user of the Service is under the age of eighteen (18), We will take appropriate steps to remove that user's information from Our records and We will restrict that individual from future access to the Service. Please contact us at privacy@chartbeat if you are aware that we may have inadvertently collected Personal Data from a child.
We process all Personal Data in facilities in the United States. Personal Data is either collected in the United States, obtained through websites which are hosted in the United States, or transferred to the United States from websites which are hosted outside of the United States.
Chartbeat is subject to the investigatory and enforcement powers of the Federal Trade Commission in respect of any failure to comply with the Privacy Shield.
In accordance with our Data Processing Addendum, which is incorporated into our terms of service, we utilize the standard contractual clauses for authorizing transfers of EU personal data to the US.
We have also appointed an EU based representative who can be contacted at: email@example.com
You may also make a complaint to the UK Information Commissioner's Office or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.
Chartbeat has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
Provided certain conditions are met, you may also be entitled to invoke binding arbitration before a Privacy Shield Panel for residual claims about whether Chartbeat has violated its obligations to you under the Privacy Shield, and if that violation remains fully or partially unremedied.