Cookie Notice
Your privacy is important to us. This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.
I. NAME OF THE PERSON RESPONSIBLE
The person responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is the
Usercentrics A/S
Havnegade 39
1058 Copenhagen
Denmark
Phone: + 45 50 333 777
Email: [email protected]
Company registration number DK34624607
You may submit inquiries regarding personal data protection, privacy and security matters to [email protected].
II. GENERAL INFORMATION ABOUT THE COLLECTION AND PROCESSING OF YOUR DATA
1. Scope of processing
In principle, we process personal data only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data takes place regularly only with consent. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.
2. Legal basis
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, or based on legitimate interest, cf. GDPR art. 6(1)(a)-(b), (f).
If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information in clause 1.
3. Storage and deletion of your data
In principle, we only store personal data for as long as is necessary to fulfill contractual or legal obligations for which we collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.
We delete or block the personal data of the data subject as soon as the purpose of the storage is fulfilled. It may also be stored if provided for by the European or national legislator in EU regulations, laws or regulations to which our company is subject (see details in sections 3.1-3.3). Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
3.1. Data Retention Policy
Due to tax regulations, Account Data will be retained for up to five full fiscal years from your cancellation of your Cookiebot CMP account.
Configuration Data and System Generated Data will be erased immediately when you cancel the Cookiebot CMP account.
End User Data will be erased on an ongoing basis after 12 months from registration, and immediately when you cancel the Cookiebot CMP account.
3.2 Data Retention for Compliance with Legal Requirements
You may not require Usercentrics to change any of the default retention periods, except for the reasons for erasure pursuant to clause 3.3, but you may suggest changes for compliance with specific sector laws and regulations.
3.3 Data Restitution and/or Deletion
No data except Account Data will be retained after the termination of the Agreement. You may request a data copy before termination. You must not cancel the Cookiebot CMP account until the data copy has been delivered, as Usercentrics will not otherwise be able to deliver the data copy.
III. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
1. Scope of data processing
Usercentrics processes personal data only if this is necessary to provide a functioning website and our content and services. The processing of personal data takes place regularly only with consent. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.
Any of the information we collect from you may be used for one or more of the following purposes:
1.1. To personalize your experience (the information will help Usercentrics better respond to your individual needs);
1.2. To improve our website (Usercentrics continually strives to improve our website offerings based on the information and feedback we receive from you);
1.3. To establish a primary channel of communication with you;
1.4. To enable you to scan your website for trackers;
1.5. To enable you to talk to an expert.
2. Data processed
2.1 Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. E.g. this is information like
– Information about the type and version of your internet browser,
– The operating system of your computer or smartphone,
– Your internet service provider,
– Your IP address,
– Date and time of your access,
– Geographic location,
– Websites from which you came to us,
– Websites that you visit from our site;
We collect such technical information in so-called “log files”, so that you can display our website correctly and we can identify the causes of any technical problems, for the technical optimization of our websites and for the purpose of the security of our computer systems and networks. For these purposes, the legal basis is legitimate interest in the processing of data according to GDPR art. 6(1)(f).
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Typically, this technical information will be erased or rendered unrecognizable at the latest after seven days.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website.
2.2 Each time you use our Service to scan your website, your email address will be processed and definitions of the cookies found when the Service has scanned your website(s), including reports on the result of each scan.
IV. CONTACT REQUESTS FOR PRODUCT INFORMATION, A DEMO OR OTHER CONCERNS
1. Description and scope of data processing
On our website you can contact us via various options: e.g. book a demo, request a quote, request product information, request guides, contact request form, support tickets and our chat function. If you make use of these options, the data entered in the input mask will be transmitted to us and saved. In addition to the specific input macro data, the IP address and the date and time of the request are collected and stored.
Alternatively, a contact via email address is possible. In this case, your personal data transmitted by email will be stored.
In this context, there will be no disclosure of the data to third parties, unless this is necessary for the processing of the query (for example, demo booking tool). In any case, the data will be used exclusively for processing the conversation, unless agreed upon otherwise.
2. Legal basis for processing
Legal basis for the processing of the data is in general the consent of the user, GDPR art. 6(1)(a).
3. Purpose of the data processing
The processing of personal data from the input mask is solely for the processing of your request.
4. Duration of storage
If you have booked a demo, requested product information or an offer, we reserve the right to store the data for two years to measure the profitability of our sales and marketing. Otherwise, we will delete the data as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data entered in the contact form and those sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
5. Revoking consent and removal possibility
You have the possibility at any time to revoke your consent to the processing of the personal data. If you contact us by email, you may object to the storage of your personal data at any time. In such a case, the conversation can not continue. All personal data stored in the course of contacting will be deleted in this case.
V. WEBINARS
Usercentrics offers from time to time webinars, to which you can sign up from our website. In these cases the data put in the sign-up form during the sign-up process will be used by Usercentrics for the purposes of the webinar and communication regarding the webinar and other relevant topics. If the webinar is organized together with a partner, then the data might be shared with them. The data is processed on the legal basis of consent, Art. 6 para. 1 s. 1 lit. a GDPR. You have the right to withdraw your consent to process your data at any time by contacting [email protected].
VI. NEWSLETTER
When signing up for the Newsletter, data entered into the input mask will also be stored, in order to provide the Newsletter. The legal basis for this processing is GDPR art. 6(1)(a). Your email address, time of subscription and the IP address used for subscribing will be retained as long as you subscribe to our Newsletter. This service is provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to be notified via our email service. You can unsubscribe from this service at any time by contacting us at [email protected] or by opting out via the link provided in each Newsletter any time.
You will be informed by Usercentrics about relevant changes concerning the Service, such as the implementation of additional functions, by email, if you subscribe to Usercentrics’ newsletter.
Optionally, your first name, last name, company name and the country you are located in will be processed to provide you with personalized newsletters.
VII. YOU BECOME A CUSTOMER OR PARTNER OF USERCENTRICS
1. Scope of data processing
You can become a Customer or Partner of Usercentrics. Any of the information we collect from you may be used for one or more of the following purposes:
1.1 To enable you to control the user experience towards End Users and enable the Service to automatically apply the End User’s consent to other websites of yours;
1.2 To identify you as a contracting party;
1.3 To enable secure login for you in the Service Manager at cookiebot.com;
1.4 To establish a primary channel of communication with you;
1.5 To enable Usercentrics to issue valid VAT invoices and to process transactions (your information will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the service requested);
1.6 To enable automated handling of the subscriptions;
1.7 To produce and display cookie declarations to End Users and store and display scan report(s) to you;
1.8 To provide you with aggregated information on the choices of the End Users regarding accepted cookie types and generate a graphical representation in the Service Manager; and/or
1.9 To send periodic emails [the email address you provide for order processing may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news (if accepted), updates, related product or service information, etc.]
If at any time you would like to unsubscribe from receiving future emails, you may cancel your account after login by clicking on “Cancel my account”.
2. Data processed
If you choose to register on our website and become a Customer or a Partner, four categories of data to and on behalf of you will be processed:
“Account Data”
When you register for an account on our site, place an order, subscribe to our newsletter or respond to a survey, basic contact details are collected, such as the email address and name of your contact person, company name, address, phone number, VAT number, preferred language and currency, any purchase order number, any email address of invoice recipients and masked credit card or bank account details.
“Configuration Data”
We collect your direct input to our cloud service Cookiebot (the “Service”) after login, like the domain name(s) of the website(s) where you implement the Service and configuration of the content, looks and behavior towards website visitors (“End Users”).
“System Generated Data”
The Service automatically creates and stores metadata on the basis of the other types of data, e.g.:
- In case you become a customer, subscription data, like start date, latest invoice date and the result of a mandatory VAT number validation. Issued invoices are stored so that you may access any issued invoices from within the Service Manager.
- In case you sign up for either a Cookiebot CMP account or our free GDPR/ePR test, which analyzes your website to give you an indication of whether or not your website is compliant with the rules relating to online tracking set out in the GDPR and ePR, please note that we evaluate your user behaviour when you register for our service. We record your campaign behaviour. Embedded links contain UTM parameters and other identifiers which will identify all parameters of your “clicks”.
The UTM parameters allow us to add trackable extensions to your URLs. The parameters are:- Medium: this parameter describes the medium in which the link is embedded. Examples: email, social media or website.
- Source: with this UTM parameter we define the source of the link. This can be newsletters, websites, apps or social media channels.
- Campaign: this type of UTM parameter is used to identify the actual campaigns. For example, if we send you a newsletter every month, the individual newsletters can be evaluated separately.
- Term: keywords, so that the link can be identified better.
- Content: within a campaign we insert different elements to be tracked in order to identify them clearly and evaluate them separately. Examples: button, image or video.
The identifiers are generated by the service providers listed in section 13.3 of this privacy policy. We use the identifiers in combination with conversion events, such as account creation (for example, if a trial period starts or you upgrade to a premium account) to inform the service providers about the event in relation to the provided identifiers.
- Aggregated statistical data on End User consents.
3. Legal basis for processing
Legal basis for the processing of the data, is in the presence of consent, GDPR art. 6(1)(a). With registration for a Cookiebot CMP account the legal basis is GDPR art. 6(1)(b) for the fulfillment of a contract or the implementation of pre-contractual measures.
4. Purpose of the data processing
Registration is required to fulfill the customer or partner contract or to carry out pre-contractual measures.
5. Opposition and removal possibility
You always have the option to cancel your account. You can change the data stored about you at any time. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible, unless contractual or legal obligations preclude deletion.
VIII. COOKIES AND TRACKING TECHNOLOGIES
See Usercentrics’s Cookie Declaration at https://www.cookiebot.com/en/cookie-declaration/ for information on the cookies we use.
IX. CALIFORNIA CONSUMER PRIVACY ACT COMPLIANCE
In addition to the above mentioned, the following provisions apply specifically for residents of California, USA.
The California Privacy Laws provide users who reside in California with specific rights regarding their personal information. This section describes the customers’ rights and explains how to exercise those rights, subject to exceptions under the law.
- Your rights under California Privacy Law
- Right to Know About Personal Information Collected, Sold or Shared (“Right to Know”)
You have the right to request to know what personal information we have collected about you, including:
- The categories of personal information collected
- The categories of sources from which the personal information is collected
- The business or commercial purpose for collecting or selling personal information
- The categories of third parties with whom the personal information is shared
- The specific pieces of personal information collected about you that are permitted by law
- Right To Request Deletion of Personal Information (“Right to Delete”)
You have the right to request that we delete any of your personal information that we collect, subject to certain exceptions. Once we receive your request and verify your identity, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
- Right to Correct Inaccurate Personal Information (“Right to Correct”)
You have the right to request correction of inaccurate personal information that we maintain about you or update the information we have on file.
- Right to Opt Out of Sale or Sharing of Your Personal Information
You have the right to opt out of the sale or sharing of personal information. Usercentrics does not sell personal information, including personal information of minors under the age of 16. You can make use of your right to opt out of the sale or sharing of personal information by clicking the “Do Not Sell Or Share My Personal Information” link at the bottom of the page.
- Right to Non-Discrimination For The Exercise Of Your Privacy Rights
You have the right to be protected from discrimination for exercising your rights. We will not discriminate against you for exercising your right.
- Right to Limit the Use of Sensitive Personal Information
Usercentrics does not use sensitive personal information in any manner that requires offering a right to limit its use.
- How To Submit a Request to Exercise Your Right to Know, Delete, or Correct
You may submit your request by sending an email to [email protected]. We will compare the information you submit to us with the information we have in our records to ensure your request meets the definition of “verifiable consumer request” under the California Privacy Laws. We will then respond to your request in accordance with the requirements.
Response Timing and Format
Usercentrics endeavor to respond to a request within forty-five (45) days of its receipt. If Usercentrics requires more time (up to 90 days), you will be informed of the reason and extension period in writing. Any disclosures provided will only cover the twelve (12) month period preceding the receipt of the verifiable request. If applicable, the response will also explain the reasons for which Usercentrics cannot comply with a request. For data portability requests, Usercentrics will select a format to provide the Personal Information that is readily usable and should allow transmission of the information from one entity to another entity without hindrance. Usercentrics does not charge a fee to process or respond to the verifiable request unless it is excessive, repetitive, or manifestly unfounded. If Usercentrics determines that the request warrants a fee, we will inform why Usercentrics made that decision and provide a cost estimate before completing the request.
- Children Under the Age of 16
Usercentrics does not knowingly collect or disclose the personal information of children under the age of 16. As stated above, Usercentrics also do not sell or share personal information, including personal information of children under the age of 16.
X. MINORS
Our services are not aimed at children under 13 years. We do not knowingly collect information from children under the age of 13. If you have not reached the age limit, do not use the services and do not provide us with your personal information. If you are a parent of a child below the age limit and you learn that your child has provided Usercentrics with personal information, please contact us at [email protected] and insist on exercising your rights of access, correction, cancellation and / or opposition. If you are resident in California and are under 18 years of age and wish to erase publicly available content, please contact us at [email protected].
XI. ONLINE PRESENCE IN SOCIAL NETWORKS
We maintain online presences in social networks in order to communicate there with customers and interested parties, among others, and to provide information about our products and services.
The users’ data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users and on-site behavior, if it exists. For this purpose, cookies and other identifiers are stored on the users’ computers. On the basis of these usage profiles, advertisements, for example, are then placed within the social networks but also on third-party websites.
As part of the operation of our online presences, it is possible that we can access information such as statistics on the use of our online presences, which are provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them. Please refer to the list below for details and links to the data of the social networks that we can access as operators of the online presences.
The legal basis for data processing is GDPR art. 6(1)(a)-(b), in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.
For the legal basis of the data processing carried out by the social networks on their own responsibility, please refer to the data protection information of the respective social network. The links below also provide you with further information on the respective data processing and the options to object.
We would like to point out that data protection requests can be asserted most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Below is a list with information on the social networks on which we operate online presences:
- Facebook (USA and Canada: Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA; all other countries: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
- Operation of the Facebook Fanpage in joint responsibility on the basis of an agreement on joint processing of personal data (so-called Page Insights Supplement regarding the controller).
- Information on the processed Page Insights data and the contact option in the event of data protection enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
- Privacy policy: https://www.facebook.com/about/privacy/
- Opt-out: https://www.facebook.com/settings?tab=ads and https://www.youronlinechoices.com.
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
- Privacy policy: https://help.instagram.com/519522125107875
- Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
- Privacy policy: https://policies.google.com/privacy
- Opt-out: https://adssettings.google.com/authenticated.
- Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland).
- Privacy policy: https://twitter.com/de/privacy
- Opt-Out: https://twitter.com/personalization.
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland).
- Operation of the LinkedIn company page in joint responsibility on the basis of an agreement on joint processing of personal data (so-called Page Insights Joint Controller Addendum).
- Information on the Page Insights data processed and the contact option in the event of data protection enquiries: https://legal.linkedin.com/pages-joint-controller-addendum
- Privacy policy: https://www.linkedin.com/legal/privacy-policy
- Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Google my business
- We operate a so-called Google My Business entry. Should you find us in this way, we make use of the information service offered by Google and the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).
- We would like to point out that you use the Google site and its functions on your own responsibility. This applies in particular to the use of the social and interactive functions (e.g. commenting, sharing, rating, direct messaging). When you visit and interact with our Google My Business listing, Google also collects your IP address and other information that is present on your terminal device in the form of so-called cookies. This information is used to provide us, as the operator of the Google My Business listing, with statistical information about the use of Google services. The data collected about you in this context will be processed by Google and may be transferred to countries outside the European Union. Google generally describes what information it receives and how it is used in its privacy policy. Google provides more detailed information in its privacy policy:
- Google privacy policy
- We do not know how Google uses the data from the visit for its own purposes, to what extent activities of individual users are assigned, how long Google stores this data and whether data is passed on to third parties. When accessing Google services, the IP address assigned to your terminal device is transmitted to Google. Google also stores information about its users’ end devices; this may enable Google to assign IP addresses to individual users or user accounts.
- If you contact us via our Google My Business entry or other Google services by direct message, we cannot rule out the possibility that these messages may also be read and evaluated by Google (both by employees and automatically). We therefore advise against providing us with personal data there. Instead, another form of communication should be chosen as early as possible. We delete conversations no later than 14 days after the last chat activity, or immediately after switching to another communication channel. The use of this service is subject to the Google Privacy Policy, which you – with use – have already agreed to.
- We, as the provider of our Google My Business entry, do not collect or process any further data from your use of this Google service. Beyond that, we do not use any Google functions on our website.
XII. THIRD PARTY LINKS
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these websites.
XIII. RECIPIENTS OF DATA AND DATA TRANSFER TO THIRD COUNTRIES
13.1 Recipients of Data
Usercentrics does not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or processors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We will also share data among the Usercentrics entities (Usercentrics A/S, Usercentrics GmbH, Cybot A/S (including CYBOT A/S, odštěpný závod office in Prague), Usercentrics Unipessoal, Usercentrics Inc.), here also including sharing data among Cookiebot™ and Usercentrics products when needed. All the entities may have access to personally identifiable information on a need to know basis and will be contractually obliged to keep your information confidential (joint controller agreement). See more information under section 13.3.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our rights or the rights of others, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We only pass on the data we have collected if this is necessary for the fulfillment of the contract or for the provision of the technical functionality of the website, or if there is another legal basis for passing on the data.
In principle, we process your data ourselves. In some cases, however, we also use service providers. In addition to the processors mentioned in this privacy policy, these may include, in particular, data centers that store our website and databases, IT service providers that maintain our systems, and consulting companies. If we pass on data to processors, they may only use the data to fulfill their tasks. The processors have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.
In addition, disclosure may take place in connection with official enquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement. When governments make a lawful demand for customer data from Usercentrics, Usercentrics strives to limit the disclosure. Usercentrics will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, Usercentrics will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
If Usercentrics commissions third parties with the collection, processing and use of data within the scope of commissioned processing in accordance with Art. 28 GDPR, this will also take place exclusively in compliance with the statutory provisions on data protection.
13.2 Data Transfer to third Countries
As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.
If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed.
13.3 Processors /Trusted Third Parties
Processor | Function | Data Processing | Location | Legal Basis | Privacy Policy of Processor for further information |
---|---|---|---|---|---|
Akamai Technologies, Inc., 145 Broadway Cambridge, Massachusetts 02142 USA |
CDN provider and Internet security service (Bot Detection) Geolocation to show the right cookie banner |
IP addresses on the end user. | Database in the USA | GDPR Art. 6 (1) lit. b | https://www.akamai.com/legal/privacy-and-policies/privacy-statement |
Amplitude Inc., 201 3rd Street, Suite 200, San Francisco, CA 94103, USA | Analytics service | IP address, Geographical location | In the USA | GDPR Art. 6 (1) lit. a | https://amplitude.com/privacy |
Auth0, Inc, 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA | Provides login and authentication options | Email address, password and IP address. If you login with Google, your name and potentially your photo will also be processed. Data will be shared among the Cookiebot™ and Usercentrics products. |
In the USA | GDPR Art. 6 (1) lit. f | https://www.okta.com/privacy-policy/ |
Beamer provided by Joincube, Inc., 3500 South Dupont Highway, Dover, DE 19901, USA | Provides method to collect customer feedback and provide customer communication like alerts | First and last name, email address, IP address, referring URL and domain, pages visited, device type, operating system and browser type | In the USA | GDPR Art. 6 (1) lit. a | https://www.getbeamer.com/privacy-policy |
BunnyWay d.o.o, informacijske storitve d.o.o. Cesta komandanta Staneta 4A 1215 Medvode Slovenia | CDN provider (used by the CB customers who choose the EU CDN provider) | P addresses (end users), Geographical location, Request URL, User Agent, User ID, Connection Times | Database in the European Union | GDPR Art. 6 (1) lit. b | https://bunny.net/privacy/#:~:text=We%20do%20not%20store |
CircleCO, Inc. (228 Park Ave S, PMB 52933, New York, NY 10003, United States of America | Platform for hosting of online courses | Name, email address, profile information, information about the uploaded and viewed content, any content entered into Circle (comments, feedback, questions, etc.) | In the USA | GDPR Art. 6 (1) lit. a | https://app.circle.so/privacy |
Datadog Inc., 620 8th Ave, 45th Floor, New York, NY 10018, United States of America | Monitoring service for cloud applications | IP address | In the USA | GDPR Art. 6 (1) lit. b | https://www.datadoghq.com/legal/privacy/ |
G2.com, Inc., 100 S. Wacker Drive, Suite 600, Chicago IL 60606, USA | Analytics service | IP address, Unique ID, Date and time of visit, Page visited, Geographical location, Website activity |
In the USA | GDPR Art. 6 (1) lit. a | https://legal.g2.com/privacy-policy |
Google Ads, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland By accepting the use of Google Ads, “Enhanced Conversion” will also be activated |
Advertising Web analytics service |
Gclid, Ads viewed, Cookie ID, Date and time of visit, Device info, Geographic location, IP address, Search terms, Ads shown, Impressions, Online identifiers, Browser info For Enhanced conversion: email address, phone number, name, street and number, city, zip code and country |
In Ireland and the USA | GDPR Art. 6 (1) lit. a | https://policies.google.com/privacy?hl=en |
Google Analytics, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (By consenting to the use of Google Analytics data will also be shared with Google Ads for marketing purposes. Please see above under “Google Ads” for more information about this provider.) |
Advertising Web analytics service |
Google Client ID, Click path, Date and time for visit, Device info, Location info, IP address, Pages visited, Referrer URL, Browser Info, Hostname, Browser language, Browser type, Screen resolution, Device operating system, Interaction data, User behavior, Visited URL | In Ireland and the USA | GDPR Art. 6 (1) lit. a | https://policies.google.com/privacy?hl=en |
Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 Saint Stephen’s Green, Dublin 2; Intercom, Inc. a Delaware corporation with offices at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA; |
Webchat service/chat function on our website | All information we receive in the chat function + type of account | In Ireland and the USA | GDPR Art. 6 (1) lit. a | https://www.intercom.com/legal/privacy |
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (If you download our content directly through LinkedIn—not related to your cookie consent on cookiebot.com—data is shared with Google Ads for the purpose of retargeting. Please see above under “Google Ads” for more information about this provider.) |
LinkedIn Insight Tag (LinkedIn Pixel) – Advertising Web analytics service |
Device info, IP address, Referrer URL, Timestamp, Browser info | In the EU ( Ireland), Singapore and the USA | GDPR Art. 6 (1) lit. a | https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com |
Meta Platform Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland | Facebook Pixel – Advertising Web analytics service |
FBClid, Ads viewed, Content viewed, Device info, geographic location, HTTP-header, Interactions with advertisement, services and product, IP address, Items clicked, Marketing info, Pages visited, Pixel ID, Referrer URL, Usage behavior, Facebook cookie info, Facebook user ID, Usage/click behavior, Browser info, Device operating system, Device ID, User agent, Browser type | In the EU (Ireland), Singapore and the USA | GDPR Art. 6 (1) lit. a | https://www.facebook.com/privacy/explanation |
Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland | Data hosting for CMP Advertising Web analytics service |
Consent data MSCLKID, Browser language, Clicked advertisements, GUID generated by UET tag, IP address, Microsoft cookie, Page title, Referrer URL, Screen color depth, Screen resolution, UET ID tag, Page load time, Publisher/URL accessed |
Databases are hosted on servers within EU member states, specifically Ireland with a hot fail-over mechanism to Microsoft’s datacenter in Amsterdam, the Netherlands | GDPR Art. 6 (1) lit. b | https://privacy.microsoft.com/en-gb/privacystatement |
Nexi (Nets A/S), Klausdalsbrovej 601, 2750 Ballerup, Denmark | Payment provider | Payment information, Order number, Credit Card information | Denmark Locations worldwide |
GDPR Art. 6 (1) lit. b | https://www.nexigroup.com/en/privacy-policy/ https://www.nets.eu/gdpr/pages/privacy-notice-for-nets.aspx |
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg | Payment provider | PayPal information, Payment data, Order number, Credit Card information, Credit check and statistical data if applicable, Address data if applicable |
Worldwide | GDPR Art. 6 (1) lit. b | https://www.paypal.com/dk/webapps/mpp/ua/privacy-full |
Reddit for Business Reddit UK Limited, 5 New Street Square, London, United Kingdom, EC4A 3TW |
Advertising service | IP address, User agent, Referrer URL, Advertising cookie information, sStandard event data, Device information, Browser information, OS Version, Screen width/height, Hashed e-mails. | United States of America | GDPR Art. 6 (1) lit. a | https://www.reddit.com/policies/privacy-policy |
Salesforce, Erika-Mann-Straße 31-37, 80636 Munich, Germany (By consenting to the use of Salesforce data will also be shared with LinkedIn for marketing purposes. Please see above under “LinkedIn” for more information about this provider.) |
Pardot: This is a CRM software system that provides solutions for sales, customer service and marketing. Sales Cloud: Sales Cloud is a sales application that allows companies to manage contacts, leads, opportunities, quotes and orders. |
Account data, Contact information This data will be kept in Salesforceafter termination of the agreement with Cookiebot™. Data will be shared among the Cookiebot™ and Usercentrics products |
In the USA (San Francisco, CA) For Sales Cloud the data centers/operators where our data will be stored are located in Germany and/or France. For the system Pardot, our data will be stored in the USA. |
GDPR Art. 6 (1) lit. b | https://www.salesforce.com/company/privacy |
Sendgrid, Twilio Germany GmbH, Rosenheimer Str. 143C 81671 Munich, Germany |
Email sending provider used primarily for sending Cookiebot scan reports and invoices (paying customers only) via email | Emails | EU and the USA | GDPR Art. 6 (1) lit. b | https://www.twilio.com/legal/privacy |
Sentry/Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA |
Error logging for frontend errors happening for users of our product. | IP address | In the USA | GDPR Art. 6 (1) lit. b | https://sentry.io/privacy/ |
Sydbank A/S, Peberlyk 4 DK-6200 Aabenraa DENMARK |
Payment provider | Payment information, Order number, Credit Card information | Denmark | GDPR Art. 6 (1) lit. b | https://www.sydbank.dk/privat/kontakt/persondata |
Valuecase GmbH, Axel-Springer-Platz 3, 20355 Hamburg, Germany |
Mutual Project Management Software to enhance sales cycle speed and conversion rates | Name, email address, company name, and other information you include in the system as a prospect. | Germany (EU) | ||
Visma e-conomic a/sGærtorvet 1-51799 Copenhagen VDenmark | Bookkeeping and accounting system | Name, Title, Phone Number, Email address, Address Other applicable data will be processed if it is included in the voucher/invoice |
Denmark | GDPR Art. 6 (1) lit. b | https://www.e-conomic.dk/sikkerhed/privacy |
YouTube Video, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland | Advertising Web analytics service |
Gclid, Device info, IP address, Referrer URl, Video viewed | In Ireland and the USA | GDPR Art. 6 (1) lit. a | https://policies.google.com/privacy?hl=en |
Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA (By accepting the use of Zendesk, the following additional Zendesk features will be accepted: Zendesk Advanced AI Intelligent triage Intelligence in the context panel Generative AI for agents Macro suggestions for admins Autoreply and internal note trigger actions Generative AI for Help Center) |
Support system for better communication with you | Name, Email address, IP address, Any other information provided by you, Data will be shared among the Cookiebot™ and Usercentrics products |
Servers used are located and hosted in the EU, Frankfurt, Germany Data may be transferred to a Zendesk server in the USA and stored there. |
GDPR Art. 6 (1) lit. b | https://www.zendesk.de/company/agreements-and-terms/privacy-notice/#georedirect https://support.zendesk.com/hc/en-us/articles/5729714731290-Zendesk-AI-Data-Use-Information? |
Zoom Video Communication Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA |
Cloud-based video conferencing service (ex. webinars) | Contact information (name, email address, phone number), IP address, Browser type, Location, Language preference, Referral URL, User ID, Date and time stamp |
In the USA | GDPR Art. 6 (1) lit. a | https://explore.zoom.us/en/privacy/#_Toc44414842 |
XIV. YOUR RIGHTS
If we process your personal data you have – after successful identification – the following rights towards us:
- Right to information (Article 15 GDPR)
- Right to deletion (Article 17 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR) – You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 10 working days by Usercentrics as spreadsheet files in Microsoft Excel format. Logical relations between datasets will be preserved in the form of unique identifiers. You are required to pay €1.000 (Euro one thousand) and any applicable taxes on delivery for each data copy order.
- Right to withdraw consent (Article 7(3) GDPR)
- Right to object to certain data processing activities (Article 21 GDPR).
In order to exercise your rights described here, you can contact us at any time using the contact details listed under “Name of the person responsible“.
You may at any time lodge a complaint with a supervisory authority regarding Usercentrics’ collection and processing of your personal data. In Denmark, you can lodge a complaint with the Danish Data Protection Agency.
XV. SECURITY AND INTEGRITY OF THE DATA
Protecting the information you give us or that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. Usercentrics has taken measures to ensure the ongoing confidentiality, integrity, availability and resiliency of systems and services that process personal information, and will restore the availability and access to information in the event of a physical or technical incident in a timely manner.
Find out more information in our Data Processing Agreement.
XVI. Terms of Service and Data Processing Agreement
Please also visit our Terms of Service section establishing the use, disclaimers and limitations of liability governing the use of our website and services and our Data Processing Agreement.
XVII. UPDATES
We reserve the right to update this privacy policy from time to time. In the event that we make material changes that restrict Usercentrics’ rights or obligations under this Privacy Policy, we will publish a clear notice in this section of this Privacy Policy that informs users when they are updated.
This Privacy Policy was last modified on July 1st, 2024.
Click here to see the previous Privacy policy valid until June 30th, 2024.