IF YOU DO NOT WISH TO PROVIDE OR OTHERWISE MAKE AVAILABLE TO GLASSBOX, WHETHER DIRECTLY OR INDIRECTLY, THE INFORMATION DESCRIBED BELOW THAT WE COLLECT VIA THE USABILITY AND FUNCTIONALITY OF OUR SERVICES, PLEASE DO NOT VISIT OUR WEBSITE.
INFORMATION WE COLLECT
GLASSBOX collects information from end users (“End Users”) at several different points and via several different channels throughout our Services. This may include, without limitation, traffic data including an End User’s IP address, domain server, type of computer, type of web browser, geo-location, browsing and click-stream activity, session heatmaps and scrolls and more. Our GLASSBOX Solutions (as defined below) are also designed to automatically collect information about your website visits, referring and exit pages and URLs, amount of time spent on particular web pages, and the sections/features of our Services you visit/utilize. We’ve designed our Services so that the information collected from End Users is anonymous information that does not personally identify an End User but may be helpful for improving an End User’s experience in connection with our Services and/or for marketing purposes.
In general, when you visit our Site or otherwise utilize our Services you remain anonymous. That said, certain aspects of our Services, whether deployed by others or by us, may require that you register or log in before you are permitted to access certain areas, tools, features and the like. In such cases, the information you will likely be asked to provide (and that is collected by us) may be more personal in nature. In those cases, personal information, such as an End User’s name, address, contact information and other personally-identifiable information (“Personal Information” or “Personal Data”) may be collected from you and stored in our databases, typically when you register to the Site, request support enter into a sales promotion or otherwise interact with us (for example through the “contact us” option). It should be made clear that you have no legal obligation to provide us with any Personal Data and the submission of such information is entirely subject to your sole discretion and consent. However, if you will not provide us with the required information, we may not be able to provide you with the information/services requested by you.
We may also collect statistical and other data related to your use of our Services as well as information on Services usage patterns. This information is collected and used as anonymous, aggregated, non-individually identifiable information.
HOW WE USE INFORMATION
Our Services allows us to use aggregated and anonymous information which does not identify individual End Users. This information is often used for analyzing trends, administering and improving services, and to gather demographic information about our End User base as a whole. There are also times when we will combine such information with additional non-personal or de-identified information that we obtain from other companies in order for us to gain broader market insights. We typically analyze this information and organize it into user groups and audiences, based on factors such as age, gender, geography, interests and online actions. This is often referred to as Interest-Based Advertising. To enable the foregoing, the GLASSBOX Solutions use technology including browser cookies, device identifiers, and other similar technologies to recognize a particular browser or device over time, to predict possible relationships among different browsers and devices and to then relay this information to our system.
We also compile and store data and information and generate reports related to our End Users’ access to and use of our Services.
To the extent required under applicable data processing laws and regulations, any Personal Data that we collect will be stored in our database and will be used in accordance with such applicable laws and regulations.
Any data processing performed by any third party with whom we have provided End User information (either Personal Data or non-Personal Data) will, if and when required by law, be governed by a binding agreement in the form mandated by applicable by law, preserving End Users’ statutory data protection rights.
GLASSBOX retains the End User data described above which is collected through our GLASSBOX Solutions for up to twenty-four (24) months from the date of its collection (unless the data is required to be held for a longer period by applicable laws and regulations) and solely for the uses expressly provided hereunder.
GLASSBOX may share information internally among its affiliates or with third parties for the purposes described in this Policy. Without limiting the foregoing, some of the reason we might share your information are:
- To enable you to use our Services, to register and establish an account, and to provide you with ongoing customer service and technical support;
- To support and enhance our data security measures, including for the purposes of preventing fraud or abusive behavior;
- To protect and support the legitimate interests of GLASSBOX and any of its affiliates;
- To protect the safety and well-being and interests of End Users of our Services and any members of the general public; and
- To comply with any applicable laws and regulations.
Personal Data collected from End Users within the European Economic Area (“EEA”) may, for example, be transferred to countries outside of the EEA for the purposes described in this policy. To do so in a compliant manner, GLASSBOX will only transfer such data if (i) it has the End User’s consent or some other legal basis upon which to rely, (ii) it has in place a data processing agreement/addendum with the intended recipient(s) thereof (which utilizes standard contract clauses approved by the European Commission, as applicable), and (iii) it is otherwise in compliance with all other obligations mandated under European Union law.
In addition to the foregoing, we expressly reserve the right to disclose or otherwise allow access to your Personal Data pursuant to a legal requirement or a request, such as a subpoena, search warrant or court order, or in compliance with applicable laws and regulations. Such disclosure or access may occur with or without notice to you. We may also disclose the information that we collect where we believe that it is necessary in order to protect the vital interests of any person, or to exercise, establish, or defend our legal rights.
YOUR PRIVACY RIGHTS and CONTROLLING YOUR PERSONAL DATA
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your Personal Data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to erasure: You may ask us to delete or remove your Personal Data and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion, for example if we are required by law to keep it). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so if we are processing your Personal Data for direct marketing and otherwise. However, if we are relying on a legitimate interest to process your Personal Data and we demonstrate compelling legitimate grounds for the processing we may continue; or
- Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, which produce a significant legal effect on you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us, or with your explicit consent.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Your withdrawal of consent will not affect apply to data that was processed prior to our receipt of your withdrawal of consent.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
For California residents
You may exercise your privacy rights by calling our toll free at 1-866-I-OPT-OUT (1-866-467-8688) and entering service code 760# to leave us a message or by writing to us to email@example.com. All other users should use the email address to correspond with us regarding any privacy questions. Your request must include sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, and that you have the authority to make the request(s) that we’ve received.
From time to time, GLASSBOX grants certain of its enterprise clients (“Enterprise Clients” or “Clients”) a license or other rights to GLASSBOX’s proprietary software products and solutions (the “GLASSBOX Solutions”). Through their use of these GLASSBOX Solutions and/or through other means, enterprise clients of GLASSBOX may get access to, collect and use: (i) End User non-personally identifiable information; and (ii) End User Personal Data.
The GLASSBOX Solutions enable our enterprise clients (the “Enterprise Clients”) to maintain compliance with applicable privacy laws and regulations, assist in the fulfillment of certain contractual necessity and also to deliver more relevant content to consumers across digital channels, including desktop and mobile channels, by gathering data about those End Users’ visits to, and use of, our enterprise clients’ digital properties. These clients have their own policies that govern how they collect, use, and share data, even when such collection and use may be carried out, directly or indirectly, by using our Services from time to time. Please consult the privacy policies of the websites you visit and apps you use to become familiar with their privacy practices.
Those Enterprise Clients of GLASSBOX which utilize GLASSBOX’s cloud-based Services to collect End User information will upload such information to one of GLASSBOX’s secured cloud servers and will analyze such information via our Services.
We enter into binding agreements with each Enterprise Client that uses our Services, which agreements are intended to comply with all applicable laws and regulations for the processing of their End User data.
By way of clarification, we have no direct relationship with any of our Enterprise Clients’ individual End Users. Therefore, any such end user of an Enterprise Client who seeks to correct, amend, delete inaccurate Personal Data, or withdraw consent for further use of his/her Personal Data, should direct all queries to the applicable Enterprise Client that he/she deals with directly.
WHERE WE STORE END USER INFORMATION
SOCIAL MEDIA WIDGETS
Information collected from End Users of the GLASSBOX Services, including End User Personal Data, may be transferred as part of or in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our shares or stock and/or assets or other corporate change, including, during the course of any due diligence process. By making available your data through the Services in any manner, you agree that your information may be transferred to third parties under such or similar circumstances.
At any time, you have the ability to opt out of receiving marketing communications from GLASSBOX, but you may not opt out of administrative emails. You can opt out by either changing your e-mail preferences or using the link provided at the bottom of each email message or through any other means that is made available to you.
We do not send emails to anyone without a legitimate legal basis to do so, such as to address contractual necessity and legal obligations or on the basis of consent (where consent may have been given to us and/or one of our enterprise clients), and we do not sell or rent email addresses to any unauthorized third party. This does not mean that we can prevent spam from happening on the Internet. If you believe that you have received an unsolicited email from us, please contact us at the e-mail below and we will investigate.
Our Site may have links to the sites of other companies, including those of our enterprise clients. We are not responsible for their privacy practices. We encourage you to learn about the privacy policies of those companies by visiting their respective websites, apps, etc.
POLICY TOWARDS CHILDREN
GLASSBOX does not knowingly collect personal information from minors who are under the age of 16 through its Site and/or the Services. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without the parent’s/guardian’s consent, then he or she should contact GLASSBOX as described hereunder. If we become aware that a child under the age of 16 has provided us with Personal Data, we will delete such information from our files. Further, the Children’s Online Privacy Protection Act (“COPPA”) requires parental consent for collection of data from children younger than the age of 13 years old. For tips on protecting children’s privacy online, generally, please view the U.S. Federal Trade Commission (“FTC”) website at http://www.ftc.gov/privacy/privacyinitiatives/childrens.html.
We follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and once we receive it. However, due to the nature of Internet communications and evolving technologies, unauthorized entry or use, hardware or software failure, and other factors, the security of End User information may be compromised at any time. No method of transmission over the Internet, or method of electronic storage, is 100% secure.
Therefore, we cannot guarantee the absolute security of Personal Data and disclaim any assurance that such information will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.
CALIFORNIA PRIVACY RIGHTS
If an End User is a California resident, California Civil Code Section 1798.83(c)(2) permits such individual to request information regarding the disclosure of his/her information by GLASSBOX to third parties for such third parties’ direct marketing purposes. To make such a request, please send us an email to firstname.lastname@example.org.
RESOLVING DISPUTES; COMMUNICATING WITH US
We strive to respond to all End User requests as quickly as practicable. If you feel that your request has not been addressed in a timely manner after sending an email to the above-referenced email address, you may send an email directly to our Privacy and Compliance Officer at the following address: email@example.com.
Although we will endeavor to resolve all disputes arising between an End User and GLASSBOX in an amicable and expeditious manner, End Users may invoke binding arbitration when other dispute resolution procedures have been exhausted. Under those circumstances, GLASSBOX’s exclusive means of resolving individual privacy complaints is through JAMS (https://www.jamsadr.com/), an alternative dispute resolution provider. Any such proceedings shall be conducted in JAMS’ NY-based offices (NY Times Building, 620 8th Avenue, New York, NY 10018). Judgement on the award rendered in any such arbitration may be entered in any court having jurisdiction.
Last updated: January 2020