Table of Contents
We will collect personal information from a variety of sources, including from you directly (e.g. when you contact us), automatically (e.g. your IP address) and from other sources (e.g. social media sites).
We use information we collect about you primarily to provide our services/products to you, and we must have a legal basis to process your personal information, such as to fulfil our contractual obligations to you or to meet our legitimate interests.
We will share information about you with third-parties, such as service providers and law enforcement agencies, when you use our products or services.
We may share personal information we collect about you with other parties, such as with our affiliate Crownpeak group companies and marketing partners.
Subject to local law, you have certain rights relating to your personal information, including the right to access and erase your information.
You can manage and adjust your settings regarding marketing communications you receive from us and cookies.
We take certain technical, organisational and physical security measures to help protect the information we receive.
We may retain your personal information for as long as we have a relationship with you and for a period of time after our relationship with you has ended.
We do not knowingly collect personal information from anyone under the age of 18.
Your personal information may be transferred globally in accordance with appropriate safeguards.
Covers our collection, use and disclosure of personal information that we collect through our Platforms. The use of information collected through our service is limited to the purpose of providing the service for which our customer has engaged Crownpeak.
You can contact us if you would like to exercise your rights, or if you have any questions or concerns.
We may update the policy from time to time and will notify you if we make any material changes to how we process your information.
- Use our products and services (e.g. Crownpeak Digital Governance (DG), Digital Experience Management (DXM) and Digital Quality Management (DQM) platforms) (collectively, the "Platforms") as an authorized user (e.g., an employee of one of our customers who provided you with access to our products);
- Receive communications from us, including emails, etc.
- Visit our offices;
- Register for, attend and/or otherwise take part in our events or webinars; and
- Participate in the Crownpeak community.
2. Types of information we collect Top
- Information that is lawfully made available from federal, state or local government records.
- Deidentified or aggregated information.
- Information excluded from the scope of the California Consumer Privacy Act of 2018 (“CCPA”).
Information about our data collection during the prior twelve (12) months is further described below.
You can access, delete and control certain uses of your information as set form in the “Your rights” section below.
2.1 Information we collect directly from you Top
- personal details (e.g. name, job description, title), contact details (e.g. phone number, email address, postal address or mobile number) and authentication details (e.g. user identification number, username, password to access the services) which we use to provide you our services, deliver marketing messages to you, verify your identity, provide customer support and administer and host our events;
- content of any correspondence between you and us, which we use to provide you customer support and communicate with you about our services or Platforms; and
- profile information (e.g. information that you add to any profile that you create through our website or the Platforms which we use to identify you and register you to use such websites or Platforms.
See “How we use the information we collect” below for more detail on how we use the above categories of personal information.
2.2 Information we collect automatically Top
We also collect information about you automatically when you visit our website and Platforms, including:
- Online identifiers such as your IP address, your URL address (uniform resource identifier), your domain name, your browser type, your operating system, your internet service provider
- Online activity such as the pages you view, the duration of your visit, the pages you view immediately before and after you access the website/Platform and if you are referred to our website via a third party we will determine the referring site (e.g. an ad, a search engine, or media piece).
- Geographic location information from your IP address.
We may store these in log files and combine it with other information we collect about you. We do this to improve and enable services we offer you, marketing, analytics, product functionality, and website functionality.
See “How we use the information we collect” below for more detail on how we use the above categories of personal information.
2.3 Information we collect from other sources Top
We may collect information about you from third-parties including social media and content syndicators and retain only for the minimum amount of time required by law. The following are examples of the categories of information we may collect from other sources:
- personal details (e.g. name, role, title) which we use to communicate about Crownpeak products and promotions; and
- contact details (e.g. phone number, email address, postal address or mobile number) which we use to communicate about Crownpeak products and promotions; and
- IP addresses (only for the purposes of recording consent and not associated with any online activity (e.g. website visited)) are retained for a minimal amount of time.
Our website and Platforms may integrate with social networking services. We do not control such services and are not liable for the manner in which they operate. While we may provide you with the ability to use such services in connection with our website and Platforms, we are doing so merely as an accommodation and, like you, are relying upon those third party services to operate properly and fairly.
You should be aware that personal information which you voluntarily include and transmit online in a publicly accessible blog, social network or otherwise online may be viewed and used by others. We are unable to control such uses of your personal information, and by using such services you assume the risk that the personal information provided by you may be viewed and used by third parties.
See “How we use the information we collect” below for more detail on how we use the above categories of personal information.
3. How we use the information we collect Top
We use your personal information to:
- identify you and create a profile when you register with us to use our services or Platforms;
- verify your identity when you access and use our Platforms to ensure the security of your information;
- provide customer support (e.g. if you have issues logging in or using our services);
- administer and host our events and/or webinars, which you register or attend;
- improve the services and products we offer to you to provide you and other customers with the best possible service, and make it more usable and appealing;
- perform data analytics, including creating reports to provide our partners with aggregated information about how users interact with their sites, and providing aggregated trend reports to third parties;
- deal with your enquiries and requests (e.g. following a training session or a demonstration of our products);
- send you promotional and marketing information (e.g. news, special offers) about our products and services, unless you have opted out of marketing, or if we are otherwise prevented by law from doing so;
- personalise the marketing messages we send you to make them relevant by analysing the details of the products and services you have with us to make suggestions for other products or services which we believe you will also be interested in;
- ensure that our records are kept accurate and up to date where you, your employees or contractors work on our facilities;
- defend ourselves against legal claims and/or comply with legal obligations to which we are subject (e.g. providing information to HMRC and prevent money laundering); and
We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
- to fulfil our contractual obligations to you, for example to provide the services you request, and for ensuring you are able to access our premises when required. Failure to provide this information may prevent or delay the fulfilment of these obligations;
- to comply with our legal obligations to you, for example to obtain proof of your identity to enable us to meet our fraud prevention and anti-money laundering obligations; and
- to meet our legitimate interests, for example, to ensure that the services function correctly with our systems. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests do not override your interests or fundamental rights and freedoms.
4. How we share the information we collect Top
We may share your personal information with third parties under the following circumstances:
- Service providers and business partners. We may share your personal information with companies that perform services on our behalf, including improving functionality of our Platforms and websites, collecting information about you and assisting us with IT and social media management and data analytics.These companies are authorized to use your personal information only as necessary to provide these services to us. In such cases, these companies must abide by our data privacy and security requirements and are now allowed to use personal information they receive from us for other purposes;
- Crownpeak group companies. Crownpeak Technology, Inc. works closely with other businesses and companies that fall under the Crownpeak group of companies. We may share your personal information with other Crownpeak group companies for marketing purposes, internal reporting, customer insights and service optimization, by way of examples.
- Law enforcement agency, court, regulator, government authority or other third party. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation such as to comply with a subpoena or other legal process, or otherwise to protect our rights or the rights of any third party, investigate fraud, or respond to a government request.
- Restructuring. We may share your personal information during the course of business negotiations and transactions (for example, a reorganisation, merger, sale, or transfer of some or all of our assets) to the extent necessary to facilitate the restructuring. In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your personal information, and choices you may have regarding your personal information.
- In the context of Crownpeak hosted events and/or webinars. We may share your personal information (e.g., name, email, job title) with our sponsors with your consent, if required by applicable law. For Company-sponsored events, we may share your personal information with other attendees via a mobile app which is used to facilitate locating attendees.
5. Sales of information to other parties Top
We may sell your personal information to third parties, subject to your right to opt-out of those sales (See “Your rights” below).
In the preceding twelve (12) months, we have sold the following categories of personal information:
- Personal identifiers;
- California Customer Records personal information categories;
- Commercial information;
- Internet or other similar network activity;
- Inferences drawn from other personal information;
- Location data; and
- Professional or employment-related information.
6. Your rights Top
Subject to local law, you have certain additional rights regarding your personal information, including the following rights to:
- access your personal information;
- rectify the information we hold about you;
- erase your personal information;
- restrict our use of your personal information;
- object to our use of your personal information;
- not be subject to a decision based solely on automated processing, including profiling, which produces legal effects;
- receive your personal information in a usable electronic format and transmit it to a third party (also known as the right to data portability);
- lodge a complaint with your local data protection authority; and
- withdraw any consent you have given to uses of your personal information (such as in relation to cookies or our direct marketing activities).
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will respond to your request within a reasonable timeframe. Please note that we will likely require additional information from you in order to honor your requests.
Your request should be directed to https://www.crownpeak.com/about/data-subject-access-request.
If you would like to discuss or exercise such rights, please contact us at the details below.
The California Consumer Privacy Act
If you reside in California or in a jurisdiction that provides similar rights, under the California Consumer Privacy Act (“CCPA”), in addition to the erasure and portability rights mentioned above, you have specific rights regarding your personal information, including:
- Right to Know About Personal Information Collected, Disclosed or Sold. You have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your personal information over the prior twelve (12) months. Once we receive and confirm your verifiable consumer request, subject to certain limitations that we describe below, we will disclose such information to you. You have the right to request any or all of the following:
- The categories of personal information we collected about you.
- The categories of sources from which the personal information is collected.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you
To exercise the right to know about personal information described above (or the right to erasure or portability under CCPA), please submit a request to us by either:
Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. You may also make a request on behalf of your minor child.
The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information (including valid e-mail address) that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative.
We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing.
In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will vary depending on the nature of the request. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.
Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of your request. We are not obligated to provide the information set forth above more than twice in a twelve (12) month period.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
- Personal Information Sales Opt-Out and Opt-In Rights. You have the right to direct us to not sell your personal information at any time (the "right to opt-out"). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the consumer who is at least 13 and less than 16 years of age, or the parent or guardian of a consumer less than 13 years of age.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting the following Internet Web page:
Do Not Sell My Personal Information
Alternatively, you may submit an opt-out request by contacting us at firstname.lastname@example.org.
- Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights, including, but not limited to, by:
- Denying you goods or services.
- Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Providing you a different level or quality of goods or services.
- Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Please note that if we have obtained or received your personal information by or on behalf of a customer and you wish exercise any of your rights under applicable data protection laws, please liaise with the relevant customer directly.
7. Email communication, advertising, and tracking preferences Top
If you no longer wish to receive marketing information from us, you can let us know by contacting us at the contact details below, or by clicking the ‘unsubscribe link’ or accessing the 'Change Your Preferences' link we provide in our marketing communications. Please note that this does not opt you out of receiving important business communications related to your current relationship with us, such as security information or if our service is temporarily suspended for maintenance purposes.
We use non-personally identifying information to facilitate cross device association. We or our third party vendors analyze device activity data using a mathematical tool known as a “probabilistic algorithm” to determine if you have interacted with content across multiple devices and to match such devices. In connection with this analysis, we may rely on non-personally identifiable information (including demographic, geographic and interest-based data) from third parties such as data vendors, pursuant to their own privacy policies or we may use the non-personally identifiable information we collect in conjunction with such third party data. Based on this data, we may then display targeted advertisements across devices that we believe are associated and may provide other services to our advertisers such as tools, analyses, data and insights to see how their website or mobile applications are used and to further enable the display of targeted advertisements to you, including across your devices. Our advertisers may also provide us with deterministic data about you that may be used to supplement our probabilistic data. Based on this data, we may then display targeted advertisements across devices that we believe are associated and may provide other services to our advertisers such as tools, analyses, data and insights to see how their website or mobile applications are used and to further enable cross-device targeting and analysis. In order to restrict our use of certain cross-device data, you may opt out in accordance with this section or the “Your rights” section above.
8. Information security and storage Top
Crownpeak Technology, Inc. has been audited and received a SOC 2 report addressing the security, confidentiality and availability of our products, services, and Platforms.
9. How long is information retained? Top
We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:
- Maintain business records for analysis and/or audit purposes;
- Comply with record retention requirements under the law;
- Comply with our legal obligations;
- Defend or bring any existing or potential legal claims;
- Deal with any complaint regarding any of our services; or
- Any other purposes for which personal information will be retained.
We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the information.
10. Our commitment to children's privacy Top
Protecting the privacy of children is important to us. We do not knowingly collect any personal information from children under the age of 18. If a parent or guardian believes that their child has provided us with personal information without consent, please contact us by using the information below, and we will use our best efforts to delete such information from our systems.
11. Where we may transfer your information Top
Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law.
We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
We are certified to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. Accordingly, our privacy practices regarding the collection, use and retention of all personal information transferred from the EU and Switzerland to the U.S. are subject to this framework and are consistent with the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, and enforcement. To learn more about the Privacy Shield Framework, and to view our certification, please visit https://www.privacyshield.gov/list .
Crownpeak is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequent transfers to a third party acting as an agent on its behalf. Crownpeak complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Company is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Crownpeak may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Crownpeak has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.
Under certain conditions, more fully described on the Privacy Shield website located at: https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Crownpeak has further committed to cooperate with the EU data protection authorities (DPAs) for EU employees, and the Swiss Federal Data Protection and Information Commissioner for Swiss employees, with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU or Switzerland, respectively, in the context of the employment relationship.
Our servers are maintained in the United States of America. By using our website or Platforms, you freely and specifically give us your consent to export your personally identifiable information to the USA. You understand that data stored in the USA may be subject to lawful requests by the courts or law enforcement authorities in the USA.
12. Information related to data collected on the Crownpeak platforms Top
We acknowledge that you have the right to access your personal information. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to Crownpeak's customer (the data controller under GDPR or the business under CCPA). If requested to remove data by one of our customers, we will respond within a reasonable timeframe.
Crownpeak retains personal data we process on behalf of our customer for as long as necessary to provide services to our customer. Crownpeak will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
13. Contact us Top
Crownpeak Technology, Inc. is the controller responsible for the personal information we collect and process (except for the personal information collected on Crownpeak Platforms as described above).
If you have general questions or concerns regarding the way in which your personal information has been used, please send us an email at email@example.com or write to us at this address: Crownpeak Technology, Attention: Privacy Department, 707 17th St., Floor 38, Denver, CO 80202 United States of America
14. Changes to the policy Top
[This policy was last updated October 15, 2020]