Privacy Notice: Siteimprove Services

Updated: June 2020

1. Introduction

Siteimprove respects your privacy and is committed to protecting it. This notice explains how Siteimprove processes the Personal Data of customers and other individuals through the Siteimprove Intelligence Platform (the “Services”).

1.1. How does Siteimprove define Personal Data?

“Personal data” as defined in the General Data Protection Regulation (GDPR) and “personal information” as defined in the California Consumer Privacy Act (CCPA) shall have the same meaning as in the respective legislation (in the following both are referred to as “Personal Data”).Personal Data includes your name, address, e-mail, telephone number, IP address, or any other identifier. For information on what Personal Data Siteimprove processes through the Siteimprove Intelligence Platform, see Section 2.1.

Siteimprove does not sell your Personal Data. Further, Siteimprove does not share your Personal Data with third parties for other purposes than specified in this Privacy Notice. Through the Services, Siteimprove does not seek to collect any sensitive data (e.g., health or sex life information; political opinions or religious/philosophical beliefs; trade-union membership; or racial or ethnic origin).

1.2. Who is responsible for processing your Personal Data?

The Siteimprove affiliate with which you have signed a contract is responsible for the processing of your Personal Data. Contact information for the Siteimprove affiliate can be found here.

If you have any questions about the processing of your Personal Data by Siteimprove or the information in this Notice, please contact:

privacy@siteimprove.com

OR

Mads Sørensen, General Counsel

Sankt Annæ Plads 28

DK-1250 Copenhagen

Denmark

legal@siteimprove.com

2. Processing (Personal) Data through the Siteimprove Intelligence Platform

At customers' authorization, Siteimprove runs the Siteimprove Intelligence Platform on customers' websites. Customers are the data controllers and responsible for establishing the legal basis for the use of the Siteimprove Intelligence Platform. Siteimprove encourages customers to conclude a data processing agreement (DPA) with Siteimprove. Siteimprove's DPA-template can be found here.

The Siteimprove Intelligence Platform is only intended for use on the publicly available websites and the processing of Personal Data on those websites, including: name, address, photo, email and phone.

2.1. What Personal Data does Siteimprove process through the Siteimprove Intelligence Platform?

The Siteimprove Intelligence Platform is designed and developed to collect and process content on customers’ websites, such as storage of cached copies of customers’ website content. Accordingly, Siteimprove may only collect Personal Data which are present on the website on which Siteimprove services are being used. The categories of Personal Data collected through the Siteimprove Intelligence Platform depend on the content of the websites but will most likely not include processing sensitive data.

If using Siteimprove Analytics, IP addresses of visitors to the customer’s website will also be processed unless IP anonymization has been set as standard by the customer.

If using Siteimprove Ads, emails connected to customer's existing Google accounts will also be processed. 

2.2. How does Siteimprove get Personal Data in these instances?

Collection of Personal Data may occur when the Siteimprove Intelligence Platform crawls customers' websites. This may inlcude Personal Data and any other identifier which are present on the website on which Siteimprove services are being used.

2.3. What is the legal basis for processing Personal Data in these instances?

Customer acts as the data controller and determines the legal basis. Siteimprove acts as data processor and processes Personal Data on behalf of customer on the basis of a contractual relationship for the purpose of providing its services to the customer.

2.4. Does Siteimprove use any sub-processors in these instances (and why)?

Siteimprove uses two sub-processors for data storing:

- Interxion, Denmark (server/storage vendor)

- Amazon Web Services, Germany (server/storage vendor)

2.5. How long does Siteimprove keep Personal Data in these instances?

Crawls of customers' websites will be overwritten after five days while under contract. Following termination of the contract, scans will be removed from the backup scheme within 30 days. 

2.6. Where is Personal Data physically located?

Personal Data is stored in data centers located in the EU (see section 2.4 above) and will not be transferred to vendors outside the EU/EEA.

3. Processing personal data of customer users and prospect contacts

3.1. Processing activities in general

Siteimprove processes Personal Data of customers and prospects for various reasons. 

Siteimprove acts as the data controller for the processing of Personal Data of customers and prospects.

3.2. What Personal Data about customers and prospects does Siteimprove collect?

This depends on the specific customer and prospect. Personal Data may include, but is not necessarily limited to: name, address, phone, photo, email, CVR/VAT, bank account etc.

3.3. What is the legal basis for processing personal data in these instances?

Processing Personal Data of customer users and prospect contacts is based on either consent, legitimate interest or because it is necessary for the performance of a contract. 

3.4. How does Siteimprove collect Personal Data from customers and prospects?

Siteimprove collects and processes Personal Data of customers as it is provided by customers when buying the Siteimprove Intelligence Platform and/or when the register as users in the platform and/or by other means provide Siteimprove with Personal Data during the contractual relationship. 

Siteimprove collects and processes Personal Data of prospects (potential customers) as provided by them through forms as a result of Siteimprove's direct marketing initiatives.  

3.4. For what purposes does Siteimprove process Personal Data of customers and prospects?

  • Technical Support: Processes Personal Data of customers in order to setup logon to the Siteimprove Intelligence Platform, to configure the Siteimprove Intelligence Platform to customer preferences, to create custom reporting, and to respond to customers' requests for technical support.
  • Marketing: Processes Personal Data of customers and prospects in order to directly market existing and potential customers, and create case studies based on customer usage of the Siteimprove Intelligence Platform.
  • Finance: Processes Personal Data of customers and users in order to facilitate the sending of invoices and receipt of payment.
  • Customer Success and Customer Experience: Processes Personal Data of customers to provide them with on-boarding, guidance, in-platform help etc.
  • Development: Processes Personal Data in order to facilitate customers' participation in testing of new features within the Siteimprove Intelligence Platform.

3.5. What is the legal basis for processing Personal Data of customers and prospects?

The legal basis for processing Personal Data of customers and prospects varies depending on the specific customer and prospect as well as the specific purposes for the processing activities. 

Siteimprove uses the following legal basis for processing Personal Data of customers and prospects:

  • Consent
  • Necessary for the performance of the contract on the purchase of the Siteimprove Intelligence Platform between customers and Siteimprove
  • Legitimate interest

3.6. Does Siteimprove share personal data of customers and prospects with third-parties (and why)?

Siteimprove may share personal data of customers and prospects with Suppliers in accordance with the above mentioned purpose(s). 

Following Siteimprove Suppliers may have access to personal data of customers and prospects:

Processors

Description of processing

Location

SimpleSat

Customer satisfaction survey system on TechSupport tickets

 EU

Zendesk

IT ticket management system

EU

Survey Monkey Customer satisfaction survey system US

Totango

Customer success system

US

HubSpot

Marketing management system

US

Salesforce

Customer relationship management platform

EU

Pardot Marketing automation platform

US

DocuSign

E-signature system

US

Google Ads Customer Match (US customers only)

Online ad marketing

US

GoToMeeting

GoToWebinar

Meeting Management System

Webinar Management System

US

Zoom

Meeting and Webinar Management system

US

Academy Plus

Courses through Platform

US

Pendo

In-Platform help

 US

Slack

Internal communication system

US

Danske Bank (and where relevant, the local bank of the country handling customer payments.)

Siteimprove Bank

 

EU

3.7. How long does Siteimprove retain Personal Data of customers and prospects?

Siteimprove will process Personal Data as long as it is necessary in order to fullfill the purpose(s) mentioned. 

3.8. Where is Personal Data physically located?

The location of Personal Data storage of each supplier used can be found in the table in section 3.6. This means for EU Personal Data that Siteimprove transfers Personal Data of customers and prospects to a few suppliers in the US (see the table in section 3.6 above). 

Such transfers only take place for the specific purposes mentioned above such as marketing and support functionalities. 

These transfers are based on either "Standard Contractual Clauses" as published by the Commission of the European Union, or an adequacy decision where the supplier is a member of Privacy Shield.  

4. What rights do I have to the Personal Data processed by Siteimprove?

  1. You have the right to request access to and rectification or erasure of your personal data.
  2. You have the right to object to the processing of your personal data and have the processing of your personal data restricted.
  3. You have an unconditional right to object to the processing of your personal data for direct marketing purposes.
  4. If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent. You may withdraw your consent by emailing privacy@siteimprove.com.
  5. You have the right to receive your personal information in a structured, commonly used and machine-readable format.
  6. You have the right to not receive discriminatory treatment for exercising these rights.
  7. You may always lodge a complaint with a data protection supervisory authority, e.g. The Danish Data Protection Agency.

Be advised that there may be legal conditions or limitations on these rights. If you wish to inquire about or exercise your right to the above rights, please read our Notice – Exercising your Privacy Rights or contact us at: privacy@siteimprove.com.