Privacy Notice: Siteimprove Services

Updated: 3 July 2019

1. Introduction

Siteimprove respects your privacy and is committed to protecting it. This notice explains how Siteimprove processes the personal data of customers and other individuals through the Siteimprove Intelligence Platform (the “Services”).

1.1. How does Siteimprove define personal data?

Personal data is defined in the General Data Protection Regulation as any information that directly or indirectly identifies or is identifiable to you as a natural person. Personal data includes your name, address, e-mail, telephone number, IP address, or any other identifier through which you may be contacted online or offline.

Siteimprove does not sell or share your personal data with anyone outside of Siteimprove. Through the Services, Siteimprove does not seek to collect any sensitive data (e.g., health or sex life information; political opinions or religious/philosophical beliefs; trade-union membership; or racial or ethnic origin).

1.2. Who is responsible for processing your personal data?

The Siteimprove affiliate with which you have signed a contract is responsible for the processing of your personal information. Contact information for the Siteimprove affiliate can be found here.

If you have any questions about the processing of your personal data by Siteimprove or the information in this notice, please contact:

privacy@siteimprove.com

OR

Mads Sørensen, General Counsel

Sankt Annæ Plads 28

DK-1250 Copenhagen

Denmark

mso@siteimprove.com

2. Processing (personal) data through the Siteimprove Intelligence Platform

At customers' authorization, Siteimprove runs the Siteimprove Intelligence Platform on customers' websites. Customers are the data controllers and responsible for establishing the legal basis for the use of the Siteimprove Intelligence Platform. Siteimprove encourages customers to conclude a data processing agreement with Siteimprove. More information about Siteimprove's DPA-template here: 

The Siteimprove Intelligence Platform is only intended for use on the publicly available websites and the processing of personal data on those websites.

2.1. What personal data does Siteimprove get process through the Siteimprove Intelligence Platform?

The Siteimprove Intelligence Platform is designed and developed to collect and process content on customers’ websites, such as storage of cached copies of customers’ website content. Accordingly, Siteimprove will also collect personal data appearing from customers’ websites. The categories of personal data collected through the Siteimprove Intelligence Platform depend on the content of the websites but will most likely not include processing special categories of personal data.

If using Siteimprove Analytics, IP addresses of visitors to the customer’s website will also be processed unless IP anonymization has been set as standard by the customer.

If using Siteimprove Ads, emails connected to customer's existing Google accounts will also be processed. 

2.2. How does Siteimprove get personal data in these instances?

Siteimprove collects and processes personal data belonging to any individual appearing on customers' websites on which the Siteimprove Intelligence Platform is used. Collection of personal data occurs when the Siteimprove Intelligence Platform crawls customers' websites.

2.3. What is the legal basis for processing personal data in these instances?

Customer acts as the data controller and determines the legal basis.

2.4. Does Siteimprove use any sub-processors in these instances (and why)?

Siteimprove uses two sub-processors for data storing:

- Interxion, Denmark (server/storage vendor)

- Amazon Web Services, Germany (server/storage vendor)

2.5. How long does Siteimprove keep personal data in these instances?

Crawls of customers' websites will be overwritten after five days while under contract. Following termination of the contract, scans will be removed from the backup scheme within 30 days. 

2.6. Is Siteimprove transferring personal data outside the EU/EEA?

Personal will not be transferred to vendors outside the EU/EEA.

2.7. What rights to I have to the personal data processed by Siteimprove?

1. You have the right to request access to and rectification or erasure of your personal data.
2. You have the right to object to the processing of your personal data and have the processing of your personal data restricted. 
3. You have an unconditional right to object to the processing of your personal data for direct marketing purposes. 
4. If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried our before you withdrew your consent. You may withdraw your consent by emailing privacy@siteimprove.com. 
5. You have the right to receive your personal data in a structured, commonly used and machine-readable format. 
6. You may always lodge a complaint with a data protection supervisory authority, e.g. The Danish Data Protection Agency. 

Be advised that there may be legal conditions or limitations on these rights. If you wish to inquire about or exercise your right to the above rights, please contact us at: privacy@siteimprove.com.

3. Processing personal data of customer users and prospect contacts

3.1. Processing activities in general

Siteimprove processes personal data of customers and prospects for various reasons. 

Siteimprove acts as the data controller for the processing of personal data of customers and prospects.

3.2. What personal data about customers and prospects does Siteimprove collect?

This depends on the specific customer and prospect. Personal data may include, but is not necessarily limited to: name, address, phone, photo, email, CVR/VAT, bank account etc.

3.3. What is the legal basis for processing personal data in these instances?

Processing personal data of customer users and prospect contacts is based on either consent, legitimate interest or because it is necessary for the performance of a contract. 

3.3. How does Siteimprove collect personal data from customers and prospects?

Siteimprove collects and processes personal data of customers as it is provided by customers when buying the Siteimprove Intelligence Platform and/or when the register as users in the platform and/or by other means provide Siteimprove with personal data during the contractual relationship. 

Siteimprove collects and processes personal data of prospects (potential customers) as provided by them through forms as a result of Siteimprove's direct marketing initiatives.  

3.4. For what purposes does Siteimprove process personal data of customers and prospects?

Technical Support: Processes personal data of customers in order to setup logon to the Siteimprove Intelligence Platform, to configure the Siteimprove Intelligence Platform to customer preferences, to create custom reporting, and to respond to customers' requests for technical support. 

Marketing: Processes personal data of customers in order to directly market existing and potential customers, and create casestudies based on customer usage of the Siteimprove Intelligence Platform. 

Finance: Processes personal data of customers and users in order to facilitate the sending of invoices and receipt of payment. 

Customer Success and Customer Experience: Processes personal data of customers to provide them with onboarding, guidance, in-platform help etc. 

Development: Processes personal data in order to facilitate customers' participation in testing of new features within the Siteimprove Intelligence Platform.

3.5. What is the legal basis for processing personal data of customers and prospects?

The legal basis for processing personal data of customers and prospects varies depending on the specific customer and prospect as well as the specific purposes for the processing activities. 

Siteimprove uses the following legal basis for processing personal data of customers and prospects:

- Consent
- Necessary for the performance of the contract on the purchase of Siteimprove Intelligence Platform between customers and Siteimprove.
- Legitimate interest

3.6. Does Siteimprove share personal data of customers and prospects with third-parties (and why)?

Siteimprove may share personal data of customers and prospects with Suppliers in accordance with the above mentioned purpose(s). 

Following Siteimprove Suppliers may have access to personal data of customers and prospects:

- Customer Thermometer (Customer satisfaction survey system)
- Zendesk (IT ticket management system)
- Totango (Customer success system) 
- Hubspot (Marketing management system)
- Docusign (E-signature system)
- Google Ads Customer Match (US customers only - Online ad marketing)
- GoToMeeting (Meeting Management System)
- Academy Plus (Courses through Platform)
- Pendo (In-Platform help)
- Danske Bank (Siteimprove Bank) and where relevant, the local bank of the country handling customer payments.

3.7. How long does Siteimprove retain personal data of customers and prospects?

Siteimprove will process personal data as long as it is necessary in order to fullfill the purpose(s) mentioned. 

3.8. Is Siteimprove transferring my personal data outside the EU/EEA?

Siteimprove transfers personal data of customers and prospects to a few suppliers in the US. 

Such transfers only take place for the specific purposes mentioned above such as marketing and support functionalities. 

These transfers are based on either "Standard Contractual Clauses" as published by the Commission of the European Union, or an adequacy decision where the supplier is a member of Privacy Shield.  

Below is the current list of US-based vendors to which Siteimprove currently transfers personal data:

- Docusign
- Hubspot
- GoToWebinar
- Totango
- Academy Plus

3.9. What rights do I have to the personal data processed by Siteimprove?

1. You have the right to request access to and rectification or erasure of your personal data.
2. You have the right to object to the processing of your personal data and have the processing of your personal data restricted. 
3. You have an unconditional right to object to the processing of your personal data for direct marketing purposes. 
4. If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried our before you withdrew your consent. You may withdraw your consent by emailing privacy@siteimprove.com. 
5. You have the right to receive your personal data in a structured, commonly used and machine-readable format. 
6. You may always lodge a complaint with a data protection supervisory authority, e.g. The Danish Data Protection Agency. 

Be advised that there may be legal conditions or limitations on these rights. If you wish to inquire about or exercise your right to the above rights, please contact us at: privacy@siteimprove.com.