EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
InsightSquared participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from EU member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List: https://www.privacyshield.gov
InsightSquared Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. InsightSquared complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, InsightSquared is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
HOW TO ACCESS & CONTROL YOUR PERSONAL DATA
Reviewing, Correcting, and Removing Your Personal Information
You have the following data protection rights:
- You can request access, correction, updates, or deletion of your personal information.
- You can object to processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information.
- If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
To exercise any of these rights, please contact us at email@example.com or by mail to InsightSquared, Inc., 1 Center Plaza, Suite 300, Boston, MA 02108, Attention: Privacy. We will respond to your request to change, correct, or delete your information within 30 days and notify you of the action we have taken.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
INFORMATION RELATED TO DATA COLLECTED FOR OUR CLIENTS
Service Provider Collection and Use
InsightSquared collects information under the direction of its clients, and has no direct relationship with the individuals whose personal data it processes.
We collect information for our clients; if you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly. If you are a client and would like to update your account please contact us at firstname.lastname@example.org.
We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our clients.
Access to Data Controlled by our Clients
InsightSquared acknowledges that you have the right to access your personal information. InsightSquared has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the InsightSquared’s client (the Data Controller). If the client requests InsightSquared to remove the data, we will respond to their request within 30 business days.
InsightSquared will retain personal data we process on behalf of our clients for as long as needed provide services to our client, subject to any limitations imposed by our agreements with those clients. InsightSquared will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
INFORMATION COLLECTED FROM YOU AND USED BY INSIGHTSQUARED
InsightSquared will notify you about the purposes for which it collects and uses information about you, how to contact InsightSquared with inquiries or complaints, the types of third parties to whom it discloses personal information, and the choices and means the organization offers individuals for limiting its disclosure. This notice will be provided by this Policy, which is available from InsightSquared’s homepage so that you may review it before you disclose personal information to InsightSquared.
InsightSquared provides you with the right to opt out whether your personal information is disclosed to a third party, or used for a purpose that is incompatible with the purpose for which it was originally collected or subsequently authorized by you. This Policy clearly describes the ways that InsightSquared uses and discloses your personal information. If you wish to opt out at any time, you may do so by contacting us at email@example.com. If you no longer wish to receive newsletters or other promotional email communications from us you may also follow the unsubscribe instructions contained in each of the emails you receive.
Personal Information Gathered
The InsightSquared website has various features which allow those interested in InsightSquared and its services to obtain more information about InsightSquared. InsightSquared asks those requesting information about InsightSquared to provide InsightSquared with certain personal contact information that InsightSquared may use to follow up with those interested in its services. The information InsightSquared may collect through the InsightSquared service includes but is not limited to first and last name, company or organization, title or position within the company or organization, phone number, and email address. InsightSquared stores this information and uses this information to respond to requests for information regarding our services and provide support to its customers as well as for InsightSquared’s own marketing purposes. InsightSquared’s use of personal information may include developing aggregated data that (once aggregated) no longer constitutes personal information.
Refer a Customer
If you choose to use our referral service to tell an individual about our service, we will ask you for that individual’s name, company name, and email address. InsightSquared stores this information for the sole purpose of encouraging your referral to evaluate our service, and tracking the success of our referral program. Those individuals may contact us at firstname.lastname@example.org to request that we remove their information from our database.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, to improve marketing, analytics, and site functionality.
We partner with third parties to either display advertising on our website or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests.If you wish to not have this information used for the purpose of serving you interest-based ads, you may elect to turn off cookies or use your browser’s privacy settings to mask your identity, or you may opt-out by the following consumer choice mechanisms.
European Interactive Digital Advertising Alliance (EDAA)’s consumer opt-out page (http://youronlinechoices.eu)
Network Advertising Initiative (NAI)’s self-regulatory opt-out page (http://optout.networkadvertising.org/).
Please note this does not opt you out of being served ads. You will continue to receive generic ads.
InsightSquared does not disclose personal information submitted to InsightSquared to any third party, except as follows and as otherwise outlined in this Policy:
InsightSquared may disclose personal information to subcontractors engaged by InsightSquared to perform services on its behalf and to any other third party such as fulfillment houses that send marketing information on InsightSquared’s behalf, an email service provider to send out emails on our behalf. We use live chat software to assist you if you have questions while using our site or when requesting additional information about our services. Any subcontractors to whom personal information is disclosed are subject to written agreements of confidentiality. We do not sell your personal information to third parties. These companies are authorized to use your personal information only as necessary to provide these services to us. Any subcontractor that receives any personal information of individuals resident in the EU is either itself subject to EU data privacy law, subscribes to the Safe Harbor Principles or another adequacy finding, or has entered into a written agreement with InsightSquared requiring that such third party provide at least the same level of privacy protection as the Safe Harbor standards. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Clients.
InsightSquared reserves the right to disclose personal information to third parties as part of co-marketing efforts, for example InsightSquared may share the names of registrants with the co-host of a jointly-produced educational webinar. If Individual wishes to opt out of such co-marketing efforts, he/she may request such removal from email@example.com.
- InsightSquared reserves the right to disclose personal information if required by law enforcement authorities, subpoena or other court order, or other governmental authority, and (to the extent permitted by law and the Safe Harbor principles) to the extent necessary to protect the legal rights and personal safety of InsightSquared and its employees and agents.
- In certain situations, InsightSquared may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If InsightSquared is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be disclosed to the successor or acquirer of InsightSquared’s business. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
InsightSquared maintains reasonable precautions designed to ensure the security of personal information covered by this Policy, and to protect such personal information from loss, misuse or unauthorized access, alteration, destruction, or disclosure. When you enter sensitive information (such as login credentials) we encrypt the transmission of that information using secure socket layer technology (SSL). InsightSquared has a written data security policy that describes the policies and procedures by which data security is to be maintained. Although InsightSquared makes every effort to ensure security of its customer information, no data transmission over the Internet can be guaranteed to be 100% secure. If you have any questions about security on our website, you can contact us at firstname.lastname@example.org.
InsightSquared takes reasonable steps to ensure that personal information it collects is reliable for its intended use, accurate, complete, and current. InsightSquared does not use personal information in ways that are incompatible with the purposes for which the information was disclosed.
User Access to Personal Information
Upon request InsightSquared will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at email@example.com.
InsightSquared allows you access to personal information held about you and allows you to correct, amend, or delete that information if inaccurate or if you no longer desire our service subject to contractual commitments you may have entered into with InsightSquared, except where the burden or expense of providing access would be disproportionate to the risks to your privacy. If you have submitted personal information to InsightSquared, and you wish to obtain access to such information in order to review, amend, or delete that information, you should contact InsightSquared by emailing us at firstname.lastname@example.org. InsightSquared reserves the right to confirm your identity before providing access. We will respond to your request for access within 30 days.
We will retain your information for as long as your account is active or as needed to provide you services or to comply with the restrictions of separate agreements we may have signed with you. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
You can log in to our site using sign-in services such as an Open ID provider. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign up form. Services like Facebook Connect give you the option to post information about your activities on this website to your profile page to share with others within your network.
Social Media Features
We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at email@example.com.
Our website offers publicly-accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Enforcement of This Policy
If you have a question, comment or complaint about this Policy or enforcement of this Policy, please address your concern to InsightSquared at email@example.com or by mail to InsightSquared, Inc., 1 Center Plaza, Suite 300, Boston, MA 02108, Attention: Privacy. InsightSquared will investigate your concerns promptly, and will respond to your correspondence within thirty days after we receive it. InsightSquared will provide you with a clear explanation of any decisions made with respect to your request.
InsightSquared conducts an annual self-assessment to verify that this Policy is accurate, comprehensive, prominently displayed, completely implemented and accessible, and to confirm that employee training and appropriate compliance procedures are in place.
Changes to This Policy
Changes to this Policy will be posted in this section. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this website prior to the change becoming effective. This way you will always have a clear understanding of what information is collected online and offline, how it is used, and the choices you have. Your personal information will only be used in accordance with the version of the Policy that is in place at the time that you provided your information, unless you provide your consent to do otherwise. We encourage you to periodically review this page for the latest information on our privacy practices.
YOUR RIGHTS UNDER GDPR
Under GDPR, you opt in to have an organization (the “Data Controller”) collect your Personal Data.
Special Categories of Data
Unless specifically authorized, GDPR prohibits processing of certain special categories of data such as race, ethnicity, political and religious beliefs, sexual orientation, genetic, and biometric data. InsightSquared does not acquire or process any data belonging to these categories.
Right of Access
If you consented to a Data Controller processing your Personal Data, you may then request the following:
- A copy of your Personal Data undergoing processing
- Purpose of processing
- Categories of data processed (e.g., name, address, online browsing behavior)
- Any third-party recipients of your Personal Data, both backward or forward looking, especially recipients in third-party countries (i.e. countries outside of the EU)
- Any third-party sources of your Personal Data (i.e. not collected from the Data Subject directly, for instance by purchasing said data from another source that previously collected the data directly)
- How long such Personal Data would be stored, or if that is not determinable, how the length of this period would be determined
- Data rectification
- Data erasure
- Restriction of data processing
- Objection to data processing
Right to Rectification
You, as a Data Subject, have the right to have any errors or inaccuracies of Personal Data corrected. The Data Controller will implement requests without undue delay.
Right of Erasure
You, as a Data Subject, have the right to have your Personal Data erased or forgotten. The Data Controller will remove your Personal Data and confirm deletion via a notification to you. Data Controllers are also required to maintain these transactions.
Right to Data Portability
You, as a Data Subject, have the right to have your Personal Data exported and provided to you in complete form.
In the event of a data breach and your Personal Data is compromised, your Data Controller is required to notify you within 72 hours.
OUR COMMITMENT TO PROTECTING YOUR PERSONAL DATA
We are committed to partnering with customers and users to ensure that we are fully compliant with the requirements of GDPR. We recognize your rights under GDPR, and will ensure that these rights are honored and your Personal Data is protected.
Measures to achieve this include:
- A new Data Processing Addendum depending on our relationship with you and the country in which you are domiciled
- Additional investments in our security infrastructure
- Appointment of a Data Security Officer
- Support and maintenance of our Privacy Shield self-certification
- New clarity on procedures for consent, data portability and privacy preference enquiries
We will continue to monitor the guidance around GDPR compliance from privacy-related regulatory agencies and services, and adjust our plans accordingly if that guidance changes.
International Data Transfers: Privacy Shield and Contractual Terms
In the event of a data breach and your Personal Data is compromised, your Data Controller is required to notify you within 72 hours.
To comply with EU data protection laws around international data transfer mechanisms, we self-certify under the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the EU and Switzerland to the United States.
In addition, we offer European Union Model Clauses, also known as Standard Contractual Clauses, to meet adequacy and security requirements for our customers who operate in the EU.
DATA CONTROLLER VERSUS DATA PROCESSOR
Your Personal Data may enter our processing scope in multiple ways. We are either a Data Controller or a Data Processor under the GDPR. The way in which your Personal Data is obtained, who has control over that data, and who has the responsibility for protecting and administering your rights, determines whether we are a Data Controller or a Data Processor. This section describes our role as both a Data Controller and Data Processor, and explains how you can interact with us in either role.
Role of a Data Controller
When you interact with InsightSquared via our marketing and sales development outreach programs as a website visitor, webinar participant, or asset downloads, we act as the primary Data Controller from a GDPR perspective. In these cases, we are responsible for obtaining your consent and providing means for exercising your data rights.
- Personal Data you submit during registration, such as your name, email, phone number, and address.
- When you interact with web forms and similar registration pages at our website (or partners that we collaborate with), we will request explicit consent prior to you submitting your Personal Data.
- When we contact you and you provide information to us, and you consent to us for using the information we obtained from you.
- When your colleague from your organization volunteers your Personal Data to us via email, or other information channels. We will follow up to obtain consent using the email provided to us, or we will indicate in our email communication that we do not yet have consent but request that you provide us consent to continue our use of your personal data.
We ensure that any data we procure from third-party services is obtained by that third party after obtaining your consent.
If you had previously provided consent to collect your Personal Data, you may choose to withdraw that consent at a later point. Please send an email request to GDPR@insightsquared.com and we will implement the request, and provide a confirmation of your consent withdrawal via a reply email to your email address. The acknowledgement email will also provide you consequences of withdrawing your consent.
We do not sell Personal Data to any other third-party organization. We do not transfer rights to Personal Data to any party or use the data other than for the original purpose it was obtained. Any transfer to a third party is solely intended for the processing of data and InsightSquared has secured agreements with downstream Data Processors to protect Personal Data and enforce GDPR data rights for you.
As part of GDPR you have the right to request your Personal Data be made available to you. We will provide:
- All Personal Data that we have on record
- How and when we obtained the data
- Our use of your data
- Whether any data was transferred to any other third party
To request this data, please contact GDPR@insightsquared.com and we will respond within 30 days of your request.
Data Erasure, Accuracy, and Portability
You may submit a request via GDPR@insightsquared.com to delete all data about you. We will comply with this request, but will use your email to send a confirmation notice that we performed the requested action.
You may submit a request via GDPR@insightsquared.com to update Personal Data that we have about you. We will perform this, and will use your email to send a confirmation notice that we performed the requested action.
You may submit a request via GDPR@insightsquared.com to obtain an export of all your data for data portability. We will provide this information via a CSV or JSON file. Such a report will include meta-data such as when particular data was added, any updates to the data. This will include an audit trail of the data.
Data Breach Notification
We will notify you by email if your Personal Data was compromised via a breach within 72 hours. This includes any breach that was caused by a Data Processor that we have authorized to process your data.
Filing a Complaint
In the event that you are not satisfied with our resolution of your requests, you have the right to file a complaint. Please submit a request via GDPR@insightsquared.com to file a complaint. You also have a right to file a similar complaint with a supervisory authority for the jurisdiction you are in and seek appropriate remediation.
Role of a Data Processor
To request your Personal Data, please send a request to GDPR@insightsquared.com. For data processed by us, we will forward your request to your employer or the organization to which you provided the data (the Data Controller), who will then initiate a request to provide that information. Since our role is only that of a Data Processor, we will not be able to provide your Personal Data directly.
When we process and display your Personal Data, that data was acquired from your employer or our customer that you interact with. If it is Personal Data that you submitted to your employer, you provided consent to your employer to use that data for their business purposes. If it is Personal Data that our customer obtained in the process of conducting business with you or your employer, they rely on your consent to use the data for business purposes. To withdraw an earlier consent that you provided, contact your employer or the organization to which you provided the original Personal Data. We will not be able to alter your consent, as we are the Data Processor.
Data Breach Notification
In the event of a data breach, InsightSquared, as a Data Processor, is required to notify your employer/organization that there was a data breach. Your organization will then notify you regarding the breach, its impact, and potential remedies. We will not notify you directly.
Data Erasure, Accuracy, and Portability
To request an export or erasure or update of Personal Data held by InsightSquared, please send a request to GDPR@insightsquared.com. We will forward your request to your employer/organization, who will then initiate a request us to complete the request. Since our role is only that of a Data Processor, we will not be able to perform these actions directly.
LIST OF SUB-PROCESSORS
InsightSquared as a Data Processor has engaged the services of the following sub- processors. Some or all of your Personal Data may be transferred to them. All such transfers are governed by Master Service Agreements that establish the scope of processing as well as legal basis for such processing. We require sub-processors to perform the specified processing only for the purposes of delivering the services that are part of the agreement. To learn more about the GDPR initiatives of our sub-processors, please visit the web pages listed here.
Sales Analytics Sub-Processors
- Amazon Web Services, Inc. – Hosting
- SingleHop LLC. – Hosting
- SendGrid – Email Notifications
- Gainsight – Product Usage Statistics
- Zendesk – Support & Customer Documentation
- Amazon Web Services, Inc. – Hosting
- Intercom.com – Support & Customer Documentation
- Postmarkapp – Email Notifications
- Gainsight – Product Usage Statistics
- Datadog – Infrastructure Monitoring
- InsightSquared Terms and Conditions
- EU-U.S. and Swiss-U.S. Privacy Shield
- Full text of the GDPR
Effective Date of Policy: 7/16/2020