Part A – Introduction
- Personal Information. “Personal Information” means any information that may be used to personally identify or contact an individual, including, but not limited to, first and last name, personal profile, address and email.
- International Transfers and Adequacy Laws. The Service processes personal data of data subjects in third countries that have data protection laws different from those applicable to the data subjects. To satisfy adequacy requirements related to this international data transfer, Cooladata and Medallia sign data processing agreements with vendors that have robust privacy and security terms, including, where appropriate, the Standard Contractual Clauses and adherence to the EU-U.S. Privacy Shield Framework.
Part B – Collection and Use of Personal Information
- For our Customers and Site Visitors.
5.1. How we receive and collect your Personal Information. We receive and/or collect Personal Information from you in the following ways:
(i) Account. In order to use the Solution you are required to create an account (“Account”), and provide us with your name, email, and other information. If you are an entity, your employees may be required to create separate Accounts. If you create your Account, you must provide accurate and complete information. You are responsible for the activity in your Account, and for keeping your password secure. You must notify us immediately of any unauthorized access to your Account. We may allow you to access your Account via third party log-in platforms, such as Gmail (each, a “Third Party Account“), although the use of Third Party Accounts is subject to the relevant third party’s information practices and may involve our access to your information (including Personal Information) in such Third Party Accounts.
(ii) Payments. The Service may include the option to purchase certain products or services from us. If you make such purchases, we will require information from you to complete the transaction. Such information may include Personal Information such as a credit card number and billing information. We may use third party service providers to process payments on our behalf. We do not control how such third party service providers use Personal Information they receive and you agree to be bound by such third parties’ privacy policies.
(iii) Blog, Newsletters, Surveys and Promotions. The Site contains a blog forum about the Service. The Site may also offer you the opportunity to subscribe to newsletters and participate in surveys and other promotional activities, which may require you to provide Personal Information.
(iv) ‘Contact Us’ and General Contact. If you send us a “Contact Us” request, email us, or contact us in any other way via the Service, you may be required to provide us with Personal Information.
5.2. The way we use your Personal Information.
We will use your Personal Information to (a) administer the Service; (b) improve or develop the Service and provide any related customization or maintenance services thereto; (c) personalize your experience and customize content while; (d) contact you; and (e) identify and authenticate your access to the Solution.
- For End Users of our Customers.
6.1. How we receive and collect End User Personal Information and other Information. A CoolaData Customer will use, embed and install CoolaData’s, or its own, analytics tracking code (“Tracking Code“) on its, or a third party’s, blogs, events, social feeds, logs, web pages and/or applications that are linked to the Customer’s Account (each, a “Property“), as well as use other CoolaData tools and services. As a result, when an End User visits, uses and/or interacts with a Property, we receive a range of information about that End User (“End User Info“), including his/her personal information or personal data. Examples of this information include a unique user identifier, the IP address associated with the user’s page load, and if that user added an item to their online shopping cart.
It is the Customer (and not CoolaData) that decides, in its discretion, what End User Info will be made available to CoolaData via the Solution, and how it is processed. Under many data protection laws, including those in Europe (such as the General Data Protection Regulation, or GDPR), Cooladata is considered a “data processor”, and our Customers are considered “data controllers”. As data controllers, our Customers are responsible for ensuring that (a) they have the necessary rights and permissions to install, embed and use the Tracking Code on their Properties and third party Properties for the purpose of collecting, using, and disclosing to CoolaData, the End User Info; and (b) they have explicitly made their End Users aware that Personal Information pertaining to them may be transferred to third parties (including CoolaData and our hosting providers) in various countries around the world, including the United States, and that (c) they have the necessary legal basis for such processing and data transfers, such asr unambiguous consent. Our Customers are also responsible for your own privacy practices and complying with relevant privacy laws.
For more information on the types of data collected by a particular Cooladata Customer, refer to the privacy notices of that Customer. Our Customers’ privacy notices are commonly located on our Customers’ web site or mobile application.
6.2. The way we use End User Personal Information. We use the Personal Information of End Users to administer the Solution to our Customers. The Solution uses End User Info to perform analyses and produce reports for our Customers about the activities, interactions and preferences of their End Users (“Analytics Data“), and makes the Analytics Data available to the Customer. Analytics Data we provide to our Customer will include and/or reference personal information of the End User.
6.3. Integrations. Customers can integrate other tools, processes or platforms as inbound sources of data to the Service. Customers control what data is stored in the Service from these integrations. For more information, refer to the privacy notice or the communications of the Customer.
- Cookies and Tracking Technologies. The Site may utilize “cookies” (small text files), log-files, web beacons and other tracking technologies (collectively, “Tracking Technologies“) to collect information about Site activity. Most browsers allow you to control and block Tracking Technologies.
Customers may choose to use a Cooladata hosted cookie called “cd_user_id” in their Tracking Code. This cookie associates a unique identifier with the user and their visits, uses, or interactions with a Property. By default, this cookie expires after a year, although a Customer may modify the cookie expiration in their implementation of Cooladata tools and services.
- Disclosure of Data for Legal Obligations
Part C – General
- Opting Out of Service emails. You may choose not to receive future Service-related emails from us by selecting an unsubscribe link at the bottom of emails that we send. We may still, however, respond to any “Contact Us” request as well as administrative emails that are connected to your use of the Service. Disabling or otherwise blocking certain Tracking Technologies may have the effect of restricting or delaying your use of the Service.
- Choice. At all times, you may choose whether or not to provide or disclose Personal Information to the Site. If you choose not to provide Personal Information, you may be unable to use certain parts of the Site. With respect to the Solution, our Customers are responsible for getting any necessary consents to collect information through Tracking Code or sending information to us through integrations.
- Links to Other Sites. The Site may contain links to third party websites that are not owned or controlled by us. We are neither responsible nor liable for the privacy practices or the content of third party websites, and you visit them at your own risk.
- Children’s Privacy. The Service is not structured to attract children under the age of 13. Accordingly, we do not intend to, nor knowingly, collect Personal Information from anyone we know to be under 13 years of age. If you are under 13, please do not attempt to register or create any Account and please do not send us any information whatsoever about yourself. If you believe that we might have any information from a child under the age of 13, please contact us at firstname.lastname@example.org.
- Merger, Sale or Bankruptcy. If we are acquired by or merged with a third party entity, we may transfer or assign Personal Information that we have discussed in this notice as part of such merger, acquisition, sale, or other change of control. In this circumstance, the appropriate individuals will be notified about the change in ownership and use of their personal data, as well as any choices they may have regarding their personal data.
- Security. We follow generally accepted industry standards to protect the Personal Information that we collect, receive and store. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially reasonable means to protect Personal Information, we cannot guarantee its absolute security.
Last updated February 2020.