Privacy Notice: Siteimprove Services

Updated: 18 May 2018

Introduction

Siteimprove respects your privacy and is committed to protecting it. This notice explains how Siteimprove processes the personal data of customers through the Siteimprove Intelligence Platform (the “Services”).

How does Siteimprove define personal data?

Personal data is defined in the General Data Protection Regulation as any information that directly or indirectly identifies or is identifiable to you as a natural person. Personal data includes your name, address, e-mail, telephone number, IP address, or any other identifier through which you may be contacted online or offline.

Siteimprove does not sell or share your personal data with anyone outside of Siteimprove. Through the Services, Siteimprove does not seek to collect any sensitive data (e.g., health or sex life information; political opinions or religious/philosophical beliefs; trade-union membership; or racial or ethnic origin).

Who is responsible for processing your personal data?

The Siteimprove affiliate with which you have signed a contract is responsible for the processing of your personal information. Contact details for each of those affiliates is listed here: https://siteimprove.com/en-us/company/contact/

If you have any questions about the processing of your personal data by Siteimprove or the information in this notice, please contact:

privacy@siteimprove.com

OR

Angelo Spenillo, General Counsel

7807 Creekridge Circle

Minneapolis, MN 55439

USA

+1 612 259 9159

asp@siteimprove.com

How and why does Siteimprove get personal data?

Below, you can see the purpose(s) for which Siteimprove may collect and use your personal data and through which channels.

Use of the Siteimprove Intelligence Platform:

At your authorization, Siteimprove runs the Siteimprove Intelligence Platform on your website. You are the data controller and you are responsible for establishing the legal basis for your use of the Siteimprove Intelligence Platform.

The Siteimprove Intelligence Platform is only intended for use on public websites and the processing of ordinary personal data contained on those websites, including: name, address, photo, email, and phone.

How does Siteimprove get your personal data in these instances?

The Siteimprove Intelligence Platform crawls your website.

What is Siteimprove’s legal basis for processing your personal data in these instances?

- Necessary for the performance of the contract between you/authorized partner and Siteimprove.

Who else has access to your personal data in these instances (and why)?

- Interxion (server / storage vendor)

- Amazon Web Services (server / storage vendor)

How long does Siteimprove keep your personal data in these instances?

Siteimprove will store personal data as long as it is necessary in order to fulfill the purpose(s) mentioned. Crawls of your website will be overwritten after five days while you are under contract. Following termination of the contract, scans will be removed from the backup scheme within 30 days.

Tech Support:

Siteimprove collects your personal data to set up a logon to the Siteimprove Intelligence Platform, to configure the Siteimprove Intelligence Platform to your preferences, or to create custom data reporting. Also, Siteimprove collects your personal data to enable it to respond to your requests for technical support.

Siteimprove collects the following categories of ordinary personal data for the above purpose(s): name, address, email, and phone.

How does Siteimprove get your personal data in these instances?

You provide it directly to Siteimprove through emails or any other documents that you submit in connection with your request.

What is Siteimprove’s legal basis for processing your personal data in these instances?

- Necessary for the performance of the contract between you and Siteimprove.

Who else has access to your personal data in these instances (and why)?

- Microsoft (Office 365) (business communication software)

- Customer Thermometer (customer satisfaction survey system)

- Atlassian (software development collaboration system)

- Slack (internal messaging system)

- Zendesk (IT ticket management system)

- Totango (customer success system)

 

How long does Siteimprove keep your personal data in these instances?

Siteimprove will store personal data as long as it is necessary in order to fulfill the purposes mentioned.

Participation in Prototype Testing:

Siteimprove acts as a data controller when it requests your participation in the testing of new features.

Siteimprove collects the following categories of ordinary personal data for the above purpose(s): name, address, email, and phone.

How does Siteimprove get your personal data in these instances?

You provide it directly to Siteimprove through forms or emails.

What is Siteimprove’s legal basis for processing your personal data in these instances?

- Consent.

Who else has access to your personal data in these instances (and why)?

- Microsoft (Office 365) (business communication software)

- Slack (internal messaging system)

- GoToMeeting (meeting management system)

How long does Siteimprove keep your personal data in these instances?

Siteimprove will store personal data as long as it is necessary in order to fulfill the purposes mentioned.

Marketing:

Siteimprove acts as a data controller when it directly markets to you or creates a case study based on your use of the Siteimprove Intelligence Platform.

Siteimprove collects the following categories of ordinary personal data for the above purpose(s): name, address, photo, or email.

How does Siteimprove get your personal data in these instances?

You provide it directly to Siteimprove through forms and your contract.

What is Siteimprove’s legal basis for processing your personal data in these instances?

- Consent.

- Legitimate interest (current customers receive marketing on similar services offered by Siteimprove).

Who else has access to your personal data in these instances (and why)?

- Microsoft (Office 365) (business communication software)

- Hubspot (marketing management system)

- DocuSign (e-signature system for case study consent)

How long does Siteimprove keep your personal data in these instances?

Siteimprove will store personal data as long as it is necessary in order to fulfill the purposes mentioned or until you opt-out, whichever is sooner.

Invoicing:

Siteimprove collects your personal data in order to facilitate the sending of invoices and receipt of your payment.

Siteimprove collects the following categories of ordinary personal data for the above purpose(s): name, address, email, phone, bank account information, CVR No. or VAT number (company identification no. in Denmark; or country alternative), or credit card information.

How does Siteimprove get your personal data in these instances?

You provide it directly to Siteimprove through the contract, forms, or emails.

What is Siteimprove’s legal basis for processing your personal data in these instances?

- Necessary for the performance of the contract between you and Siteimprove.

Who else has access to your personal data in these instances (and why)?

- Microsoft (Office 365) (business communication software)

- Danske bank (Siteimprove bank)

How long does Siteimprove keep your personal data in these instances?

Siteimprove will store personal data as long as it is necessary in order to fulfill the purposes mentioned.

Is Siteimprove transferring my personal data outside the EU/EEA?

In some cases, however not in relation to data processed directly through our Services (if you are an European customer):

Siteimprove transfers your personal data to vendors in the following countries outside the EU/EEA: US.

Such transfers only take place for the specific purposes mentioned above, such as Marketing and Support functionalities. Because the US has not been deemed by the Commission of the European Union to have an adequate level of protection of personal data, Siteimprove provides appropriate safeguards for the transfer. Specifically, Siteimprove makes contractual arrangements with vendors in the US with the "Model Contracts for the Transfer of Personal Data to Third Countries", as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities. You may obtain a copy of (or access to) these terms by contacting us at privacy@siteimprove.com. Below is the current list of US-based vendors to which Siteimprove currently transfers personal data:

  • Microsoft
  • DocuSign
  • Slack
  • Zendesk
  • Atlassian
  • Hubspot
  • GoToWebinar / GoToMeeting
  • Totango

What rights do I have to the personal data that Siteimprove processes?

  1. You have the right to request access to and rectification or erasure of your personal data.
  2. You have the right to object to the processing of your personal data and have the processing of your personal data restricted.
  3. You have an unconditional right to object to the processing of your personal data for direct marketing purposes.
  4. If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent. You may withdraw your consent by emailing privacy@siteimprove.com.
  5. You have the right to receive your personal information in a structured, commonly used and machine-readable format.
  6. You may always lodge a complaint with a data protection supervisory authority, e.g. The Danish Data Protection Agency.

Be advised that there may be legal conditions or limitations on these rights. If you wish to inquire about or exercise your right to the above rights, please contact us at: privacy@siteimprove.com.