Privacy Policy

Table of Contents

1. Our processing activities

The personal information we  collect about you varies depending on your interactions with us, such as when you use our products or services as an authorised user or visit our websites and Platforms. This privacy policy does not apply to third party services that use and implement our products and services, and you should refer to their own policies.

2. Types of information we collect

We will collect personal information from a variety of sources, including from you directly (e.g. when you contact us), automatically (e.g. your IP address) and from other sources (e.g. social media sites).

2.1 Information we collect directly from you

2.2 Information we collect automatically

2.3 Information we collect from other sources

3. How we use the information we collect

We use information we collect about you primarily to provide our services/products to you, and we must have a legal basis to process your personal information, such as to fulfil our contractual obligations to you or to meet our legitimate interests.

4. How we share the information we collect

We will share information about you with third-parties, such as service providers and law enforcement agencies, when you use our products or services.

5. Sales of information to other parties

We may share personal information we collect about you with other parties, such as with our affiliate Crownpeak group companies and marketing partners.

6. Your rights

Subject to local law, you have certain rights relating to your personal information, including the right to access and erase your information.

7. Email communication, advertising and tracking preferences

You can manage and adjust your settings regarding marketing communications you receive from us and cookies.

8. Information security and storage

We take certain technical, organisational and physical security measures to help protect the information we receive.

9. How long is information retained?

We may retain your personal information for as long as we have a relationship with you and for a period of time after our relationship with you has ended.

10. Our commitment to children's privacy

We do not knowingly collect personal information from anyone under the age of 18.

11. Where we may transfer your information

Your personal information may be transferred globally in accordance with appropriate safeguards.

12. Information Related to Data Collected on the Crownpeak Platforms

Covers our collection, use and disclosure of personal information that we collect through our Platforms. The use of information collected through our service is limited to the purpose of providing the service for which our customer has engaged Crownpeak.

13. Contact us

You can contact us if you would like to exercise your rights, or if you have any questions or concerns.

14. Changes to the policy

We may update the policy from time to time and will notify you if we make any material changes to how we process your information.

15. Cookie Policy

Privacy Policy

Crownpeak Technology, Inc. and its subsidiary Evidon Inc. ('we', 'us',  'Crownpeak,' or ‘Company’) has created this privacy policy in order to demonstrate our firm commitment to your privacy, which is important to us. This privacy policy describes how we collect and process personal information about you; how we use and protect this information, and your rights in relation to this information. It also describes your choices regarding use, access and correction of your personal information, as well as your rights in determining what we do with the information that we collect or hold about you. Our goal is to empower you by giving you straightforward and clear information so you can make informed decisions about our products and services.

This privacy policy also covers our collection, use and disclosure of personal information that we collect through our Crownpeak DG, DXM and DQM platforms. The use of information collected through our service is limited to the purpose of providing the service for which our client has engaged Crownpeak.

1. Our processing activities 

Top

This privacy policy applies to the processing of personal information by us when you:

  • Visit our websites that display our link to this privacy policy;
  • Use our products and services (e.g. Crownpeak Digital Governance (DG), Digital Experience Management (DXM) and Digital Quality Management (DQM) platforms) (collectively, the "Platforms") as an authorized user (e.g., an employee of one of our customers who provided you with access to our products);
  • Receive communications from us, including emails, etc.
  • Visit our offices;
  • Register for, attend and/or otherwise take part in our events or webinars; and
  • Participate in the Crownpeak community.

2. Types of information we collect Top

We collect personal information from you when you use our websites or Platforms, or from third party sources. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified. As used in this Privacy Policy, “personal information” does not include:

  • Information that is lawfully made available from federal, state or local government records.
  • Deidentified or aggregated information.
  • Information excluded from the scope of the California Consumer Privacy Act of 2018 (“CCPA”).

Information about our data collection during the prior twelve (12) months is further described below.

You can access, delete and control certain uses of your information as set form in the “Your rights” section below.

2.1 Information we collect directly from you Top

  • personal details (e.g. name, job description, title), contact details (e.g. phone number, email address, postal address or mobile number) and authentication details (e.g. user identification number, username, password to access the services) which we use to provide you our services, deliver marketing messages to you, verify your identity, provide customer support and administer and host our events;
  • content of any correspondence between you and us, which we use to provide you customer support and communicate with you about our services or Platforms; and
  • profile information (e.g. information that you add to any profile that you create through our website or the Platforms which we use to identify you and register you to use such websites or Platforms.

See “How we use the information we collect” below for more detail on how we use the above categories of personal information.

2.2 Information we collect automatically Top

We also collect information about you automatically when you visit our website and Platforms, including:

  • Online identifiers such as your IP address, your URL address (uniform resource identifier), your domain name, your browser type, your operating system, your internet service provider
  • Online activity such as the pages you view, the duration of your visit, the pages you view immediately before and after you access the website/Platform and if you are referred to our website via a third party we will determine the referring site (e.g. an ad, a search engine, or media piece).
  • Geographic location information from your IP address.

We may store these in log files and combine it with other information we collect about you. We do this to improve and enable services we offer you, marketing, analytics, product functionality, and website functionality.

We collect this information using cookies and similar methods. A cookie is simply a piece of text, which can be placed on the browser of your personal computer and subsequently read when you visit a website. For instance, when you return to our websites after logging in, cookies provide information to the websites so they remember who you are. Further information about our use of cookies and other tracking technologies is available in our Cookie Policy.

See “How we use the information we collect” below for more detail on how we use the above categories of personal information.

2.3 Information we collect from other sources Top

We may collect information about you from third-parties including social media and content syndicators and retain only for the minimum amount of time required by law. The following are examples of the categories of information we may collect from other sources:

  • personal details (e.g. name, role, title) which we use to communicate about Crownpeak products and promotions; and
  • contact details (e.g. phone number, email address, postal address or mobile number) which we use to communicate about Crownpeak products and promotions; and
  • IP addresses (only for the purposes of recording consent and not associated with any online activity (e.g. website visited)) are retained for a minimal amount of time.

Our website and Platforms may integrate with social networking services. We do not control such services and are not liable for the manner in which they operate. While we may provide you with the ability to use such services in connection with our website and Platforms, we are doing so merely as an accommodation and, like you, are relying upon those third party services to operate properly and fairly.

You should be aware that personal information which you voluntarily include and transmit online in a publicly accessible blog, social network or otherwise online may be viewed and used by others. We are unable to control such uses of your personal information, and by using such services you assume the risk that the personal information provided by you may be viewed and used by third parties.

See “How we use the information we collect” below for more detail on how we use the above categories of personal information.

3. How we use the information we collect Top

We use your personal information to:

  • identify you and create a profile when you register with us to use our services or Platforms;
  • verify your identity when you access and use our Platforms to ensure the security of your information;
  • provide customer support (e.g. if you have issues logging in or using our services);
  • administer and host our events and/or webinars, which you register or attend;
  • improve the services and products we offer to you to provide you and other customers with the best possible service, and make it more usable and appealing;
  • perform data analytics, including creating reports to provide our partners with aggregated information about how users interact with their sites, and providing aggregated trend reports to third parties;
  • communicate with you about our services and/or Platforms, including providing you with information about features and possible changes to our privacy policy or terms of use;
  • deal with your enquiries and requests (e.g. following a training session or a demonstration of our products);
  • send you promotional and marketing information (e.g. news, special offers) about our products and services, unless you have opted out of marketing, or if we are otherwise prevented by law from doing so;
  • personalise the marketing messages we send you to make them relevant by analysing the details of the products and services you have with us to make suggestions for other products or services which we believe you will also be interested in;
  • ensure that our records are kept accurate and up to date where you, your employees or contractors work on our facilities;
  • defend ourselves against legal claims and/or comply with legal obligations to which we are subject (e.g. providing information to HMRC and prevent money laundering); and
  • retarget ads to you on third party websites based on visits to our website (e.g., when you visit our site, we will drop a cookie. When you visit other websites, this cookie may enable us to display our ads to you on these third party websites). This allows us to make special offers and continue to market our services to those who have shown interest. We do not collect any information that directly identifies you (e.g. name or email address) and we rely instead on other ways to identify you, such as cookies. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking https://cop.evidon.com/ Or if located in the European Union, click http://youronlinechoices.eu. Please note this does not opt you out of being served ads. You will continue to receive generic ads. For more information, please see our cookie policy.

We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:

  • to fulfil our contractual obligations to you, for example to provide the services you request, and for ensuring you are able to access our premises when required. Failure to provide this information may prevent or delay the fulfilment of these obligations;
  • to comply with our legal obligations to you, for example to obtain proof of your identity to enable us to meet our fraud prevention and anti-money laundering obligations; and
  • to meet our legitimate interests, for example, to ensure that the services function correctly with our systems. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests do not override your interests or fundamental rights and freedoms.

4. How we share the information we collect Top

We may share your personal information with third parties under the following circumstances:

  • Service providers and business partners. We may share your personal information with companies that perform services on our behalf, including improving functionality of our Platforms and websites, collecting information about you and assisting us with IT and social media management and data analytics.These companies are authorized to use your personal information only as necessary to provide these services to us. In such cases, these companies must abide by our data privacy and security requirements and are now allowed to use personal information they receive from us for other purposes;
  • Crownpeak group companies. Crownpeak Technology, Inc. works closely with other businesses and companies that fall under the Crownpeak group of companies. We may share your personal information with other Crownpeak group companies for marketing purposes, internal reporting, customer insights and service optimization, by way of examples.
  • Law enforcement agency, court, regulator, government authority or other third party. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation such as to comply with a subpoena or other legal process, or otherwise to protect our rights or the rights of any third party, investigate fraud, or respond to a government request.
  • Restructuring. We may share your personal information during the course of business negotiations and transactions (for example, a reorganisation, merger, sale, or transfer of some or all of our assets) to the extent necessary to facilitate the restructuring. In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your personal information, and choices you may have regarding your personal information.
  • In the context of Crownpeak hosted events and/or webinars. We may share your personal information (e.g., name, email, job title) with our sponsors with your consent, if required by applicable law. For Company-sponsored events, we may share your personal information with other attendees via a mobile app which is used to facilitate locating attendees.

5. Sales of information to other parties Top

We may sell your personal information to third parties, subject to your right to opt-out of those sales (See “Your rights” below).

In the preceding twelve (12) months, we have sold the following categories of personal information:

  • Personal identifiers;
  • California Customer Records personal information categories;
  • Commercial information;
  • Internet or other similar network activity;
  • Inferences drawn from other personal information;
  • Location data; and
  • Professional or employment-related information.

6. Your rights Top

Subject to local law, you have certain additional rights regarding your personal information, including the following rights to:

  • access your personal information;
  • rectify the information we hold about you;
  • erase your personal information;
  • restrict our use of your personal information;
  • object to our use of your personal information;
  • not be subject to a decision based solely on automated processing, including profiling, which produces legal effects;
  • receive your personal information in a usable electronic format and transmit it to a third party (also known as the right to data portability);
  • lodge a complaint with your local data protection authority; and
  • withdraw any consent you have given to uses of your personal information (such as in relation to cookies or our direct marketing activities).

We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will respond to your request within a reasonable timeframe. Please note that we will likely require additional information from you in order to honor your requests.

Your request should be directed to https://www.crownpeak.com/about/data-subject-access-request.

If you would like to discuss or exercise such rights, please contact us at the details below.

The California Consumer Privacy Act
If you reside in California or in a jurisdiction that provides similar rights, under the California Consumer Privacy Act (“CCPA”), in addition to the erasure and portability rights mentioned above, you have specific rights regarding your personal information, including:

  • Right to Know About Personal Information Collected, Disclosed or Sold. You have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your personal information over the prior twelve (12) months. Once we receive and confirm your verifiable consumer request, subject to certain limitations that we describe below, we will disclose such information to you. You have the right to request any or all of the following:
    • The categories of personal information we collected about you.
    • The categories of sources from which the personal information is collected.
    • Our business or commercial purpose for collecting or selling that personal information.
    • The categories of third parties with whom we share that personal information.
    • The specific pieces of personal information we collected about you

To exercise the right to know about personal information described above (or the right to erasure or portability under CCPA), please submit a request to us by either:

Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. You may also make a request on behalf of your minor child.

The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information (including valid e-mail address) that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative.

We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing.

In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will vary depending on the nature of the request. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.

Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of your request. We are not obligated to provide the information set forth above more than twice in a twelve (12) month period.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

  • Personal Information Sales Opt-Out and Opt-In Rights. You have the right to direct us to not sell your personal information at any time (the "right to opt-out"). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the consumer who is at least 13 and less than 16 years of age, or the parent or guardian of a consumer less than 13 years of age.

To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting the following Internet Web page:

Do Not Sell My Personal Information

Alternatively, you may submit an opt-out request by contacting us at privacy@crownpeak.com.

  • Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights, including, but not limited to, by:
    • Denying you goods or services.
    • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
    • Providing you a different level or quality of goods or services.
    • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that if we have obtained or received your personal information by or on behalf of a customer and you wish exercise any of your rights under applicable data protection laws, please liaise with the relevant customer directly.

 7. Email communication, advertising, and tracking preferences Top

If you no longer wish to receive marketing information from us, you can let us know by contacting us at the contact details below, or by clicking the ‘unsubscribe link’ or accessing the 'Change Your Preferences' link we provide in our marketing communications. Please note that this does not opt you out of receiving important business communications related to your current relationship with us, such as security information or if our service is temporarily suspended for maintenance purposes.

We use non-personally identifying information to facilitate cross device association. We or our third party vendors analyze device activity data using a mathematical tool known as a “probabilistic algorithm” to determine if you have interacted with content across multiple devices and to match such devices. In connection with this analysis, we may rely on non-personally identifiable information (including demographic, geographic and interest-based data) from third parties such as data vendors, pursuant to their own privacy policies or we may use the non-personally identifiable information we collect in conjunction with such third party data.  Based on this data, we may then display targeted advertisements across devices that we believe are associated and may provide other services to our advertisers such as tools, analyses, data and insights to see how their website or mobile applications are used and to further enable the display of targeted advertisements to you, including across your devices. Our advertisers may also provide us with deterministic data about you that may be used to supplement our probabilistic data. Based on this data, we may then display targeted advertisements across devices that we believe are associated and may provide other services to our advertisers such as tools, analyses, data and insights to see how their website or mobile applications are used and to further enable cross-device targeting and analysis. In order to restrict our use of certain cross-device data, you may opt out in accordance with this section or the “Your rights” section above.

 8. Information security and storage Top

We implement technical, physical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have questions about the security of your personal information, or if you have reason to believe that the personal information that we hold about you is no longer secure, please contact us immediately as described in this Privacy Policy.

Crownpeak Technology, Inc. has been audited and received a SOC 2 report addressing the security, confidentiality and availability of our products, services, and Platforms.

 9. How long is information retained? Top

We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:

  • Maintain business records for analysis and/or audit purposes;
  • Comply with record retention requirements under the law;
  • Comply with our legal obligations;
  • Defend or bring any existing or potential legal claims;
  • Deal with any complaint regarding any of our services; or
  • Any other purposes for which personal information will be retained.

We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the information.

 10. Our commitment to children's privacy Top

Protecting the privacy of children is important to us. We do not knowingly collect any personal information from children under the age of 18. If a parent or guardian believes that their child has provided us with personal information without consent, please contact us by using the information below, and we will use our best efforts to delete such information from our systems.

11. Where we may transfer your information Top

Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law.

We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

We are certified to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. Accordingly, our privacy practices regarding the collection, use and retention of all personal information transferred from the EU and Switzerland to the U.S. are subject to this framework and are consistent with the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, and enforcement. To learn more about the Privacy Shield Framework, and to view our certification, please visit https://www.privacyshield.gov/list .

Crownpeak is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequent transfers to a third party acting as an agent on its behalf. Crownpeak complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Company is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Crownpeak may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Crownpeak has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.

Under certain conditions, more fully described on the Privacy Shield website located at: https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Crownpeak has further committed to cooperate with the EU data protection authorities (DPAs) for EU employees, and the Swiss Federal Data Protection and Information Commissioner for Swiss employees, with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU or Switzerland, respectively, in the context of the employment relationship.

Our servers are maintained in the United States of America.  By using our website or Platforms, you freely and specifically give us your consent to export your personally identifiable information to the USA.  You understand that data stored in the USA may be subject to lawful requests by the courts or law enforcement authorities in the USA.

12. Information related to data collected on the Crownpeak platforms Top

This privacy policy also covers our collection, use and disclosure of personal information that we collect through our Platforms. The use of information collected through our service is limited to the purpose of providing the service for which our customer has engaged Crownpeak.

Crownpeak collects information under the direction of its customers and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our customers and would no longer like to be contacted by one of our customers that use our service, please contact the customer that you interact with directly. We may transfer personal information to companies solely to enable us to provide our service. Transfers to subsequent third parties are covered by the service agreements with our customer. If we engage a third party to process your data on our behalf, that third party will also be bound by our privacy policy and authorized to use your personal information only as necessary to provide these services to us.

We acknowledge that you have the right to access your personal information. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to Crownpeak's customer (the data controller under GDPR or the business under CCPA). If requested to remove data by one of our customers, we will respond within a reasonable timeframe.

Crownpeak retains personal data we process on behalf of our customer for as long as necessary to provide services to our customer. Crownpeak will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

13. Contact us Top

Crownpeak Technology, Inc. is the controller responsible for the personal information we collect and process (except for the personal information collected on Crownpeak Platforms as described above).

If you have general questions or concerns regarding the way in which your personal information has been used, please send us an email at privacy@crownpeak.com or write to us at this address: Crownpeak Technology, Attention: Privacy Department, 707 17th St., Floor 38, Denver, CO 80202 United States of America

14. Changes to the policy Top

We may update this privacy policy from time to time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make any material changes in the way we collect, use, and/or share the personal information that you have provided, we will notify you by posting notice of the changes to this page.

[This policy was last updated October 15, 2020]