Crownpeak Privacy Policy

Privacy Policy

Crownpeak Technology, Inc. and its subsidiaries (including Evidon Inc., Magus Research Limited and Crownpeak GmbH ('we', 'us', 'Crownpeak,' or ‘Company’) are firmly committed to your privacy and compliance with all applicable privacy laws. This privacy policy describes how we collect and process personal information about you; how we use and protect this information, and your rights in relation to this information. It also describes your choices regarding use, access and correction of your personal information, as well as your rights in determining what we do with the information that we collect or hold about you. 

Our goal is to empower you by giving you straightforward and clear information so you can make informed decisions about our products and services.

1. Our processing activities

The personal information we collect about you varies depending on your interactions with us. This privacy policy applies to the processing of personal information by us when you:

• Visit our websites that display our link to this privacy policy;
• Use our products and services (“Platforms”) as an authorized user (e.g. on behalf of one of our customers);
• Receive communications from us, including emails, etc.; Visit our offices;
• Register for, attend and/or otherwise take part in our events or webinars; and Participate in the Crownpeak community.

This privacy policy does not apply to third party services that use and implement our products and services or links on our websites to websites operated by other providers. If you click on these links, we no longer have any influence over the data that is collected by the third party or the way it is used and you must refer to the respective provider’s privacy policy.

2. Types of information we collect

We will collect personal information from a variety of sources, including from you directly (e.g. when you contact us), automatically (e.g. your IP address) and from other sources (e.g. social media sites).

Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified. As used in this Privacy Policy, “personal information” does not include:

• information that is lawfully made available from federal, state or local government records.
• deidentified or aggregated information.
• information excluded from the scope of the relevant legislation. 

You can access, delete, and control certain uses of your information as set out in the “Your rights” section below.

3. How we use the information we collect

We use information we collect about you primarily to provide our services/products to you, and we must have a legal basis to process your personal information, such as to fulfil our contractual obligations to you or to meet our legitimate interests.

We use your personal information to:

• Identify you and create a profile when you register with us to use our services or Platforms;
• Verify your identity when you access and use our Platforms to ensure the security of your information;
• provide customer support (e.g. if you have issues logging in or using our services);
• administer and host our events and/or webinars, for which you register or attend; improve the services and products we offer to you to provide you and other customers with the best possible service, and make it more usable and appealing; perform data analytics, including creating reports to provide our partners with aggregated information about how users interact with their sites, and providing aggregated trend reports to third parties;
• communicate with you about our services and/or Platforms, including providing you with information about features and possible changes to our privacy policy or terms of use;
• deal with your enquiries and requests (e.g. following a training session or a demonstration of our products);
• send you promotional and marketing information (e.g. news, special offers) about our products and services, unless you have opted out of marketing, or if we are otherwise prevented by law from doing so;
• personalize the marketing messages we send you to make them relevant by analyzing the details of the products and services you have with us to make suggestions for other products or services in which we believe you will also be interested;
• ensure that our records are kept accurate and up to date where you, your employees or contractors work on our facilities;
• defend ourselves against legal claims and/or comply with legal obligations to which we are subject (e.g. providing information to HMRC to prevent money laundering); and
• retarget ads to you on third party websites based on visits to our website (e.g., when you visit our site, we will drop a cookie. When you visit other websites, this cookie may enable us to display our ads to you on these third-party websites). This allows us to make special offers and continue to market our services to those who have shown interest. We do not collect any information that directly identifies you (e.g. name or email address) and we rely instead on other ways to identify you, such as cookies. If you wish to not have this information used for the purpose of serving you interest- based ads, you may opt-out by clicking https://cop.evidon.com/ or if located in the European Union, click http://youronlinechoices.eu. Please note this does not opt you out of being served ads. You will continue to receive generic ads. For more information, please see our cookie policy. 

We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:

• to fulfil our contractual obligations to you, for example to provide the services you request, and for ensuring you are able to access our premises when required. Failure to provide this information may prevent or delay the fulfilment of these obligations;
• to comply with our legal obligations to you, for example to obtain proof of your identity to enable us to meet our fraud prevention and anti-money laundering obligations; and
• to meet our legitimate interests, for example, to ensure that the services function correctly with our systems. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests do not override your interests or fundamental rights and freedoms.

4. How we share the information we collect

We may share your personal information with third parties under the following circumstances:

• Service providers and business partners. We may share your personal information with companies that perform services on our behalf, including improving functionality of our Platforms and websites, collecting information about you and assisting us with IT and social media management and data analytics. These companies are authorized to use your personal information only as necessary to provide these services to us. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal information they receive from us for other purposes;
• Crownpeak group companies. Crownpeak Technology, Inc. works closely with other
• businesses and companies that fall under the Crownpeak group of companies. We may share your personal information with other Crownpeak group companies for marketing purposes, internal reporting, customer insights and service optimization.
• Law enforcement agency, court, regulator, government authority or other third party. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation such as to comply with a subpoena or other legal process, or otherwise to protect our rights or the rights of any third party, investigate fraud, or respond to a government request.
• Restructuring. We may share your personal information during the course of business negotiations and transactions (for example, a reorganization, merger, sale, or transfer of some or all of our assets) to the extent necessary to facilitate the restructuring. In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your personal information, and choices you may have regarding your personal information.
• In the context of Crownpeak hosted events and/or webinars. We may share your personal information (e.g., name, email, job title) with our sponsors with your consent, if required by applicable law. For Company-sponsored events, we may share your personal information with other attendees via a mobile app which is used to facilitate locating attendees.

Satisfactory guarantees of legally compliant processing have been obtained and may be requested via e-mail.

These include:

• Technical and organizational measures
• SOC2 Certification
• ISO27001 Certification
• Data Processing Agreements (incorporating the GDPR Standard Contractual Clauses where required)

5. Sales of information to other parties

We may sell your personal information to third parties, subject to your right to opt-out of those sales (See “Your rights” below).

In the preceding twelve (12) months, we have sold the following categories of personal information:

•  Personal identifiers;
• California Customer Records personal information categories;
• Commercial information;
• Internet or other similar network activity;
• Inferences drawn from other personal information;
• Location data; and
• Professional or employment-related information.

6. Your rights

Subject to local law, you have certain additional rights regarding your personal information, including the following rights to:

• access your personal information;
• rectify the information we hold about you; 
• erase your personal information;
• restrict our use of your personal information; 
• object to our use of your personal information;
• not be subject to a decision based solely on automated processing, including profiling, which produces legal effects;
• receive your personal information in a usable electronic format and transmit it to a third party (also known as the right to data portability);
• lodge a complaint with your local data protection authority; and
• withdraw any consent you have given to uses of your personal information (such as in relation to cookies or our direct marketing activities).

We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will respond to your request within a reasonable timeframe. Please note that we will likely require additional information from you in order to honor your requests. 

Your request should be directed to https://www.crownpeak.com/about/data-subject-access-request.

If you would like to discuss or exercise such rights, please contact us at the details below.

Information about your right of objection according to Art. 21 GDPR Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

The California Consumer Privacy Act:

If you reside in California or in a jurisdiction that provides similar rights, under the California Consumer Privacy Act (“CCPA”), in addition to the erasure and portability rights mentioned above, you have specific rights regarding your personal information, including: 

• Right to Know About Personal Information Collected, Disclosed or Sold. You have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your personal information over the prior twelve (12) months. Once we receive and confirm your verifiable consumer request, subject to certain limitations that we describe below, we will disclose such information to you. You have the right to request any or all of the following:
• The categories of personal information we collected about you.
• The categories of sources from which the personal information is collected.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected about you

To exercise the right to know about personal information described above (or the right to erasure or portability under CCPA), please submit a request to us by either:

• Visiting www.crownpeak.com; or
• Emailing us at privacy@crownpeak.com.

Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. You may also make a request on behalf of your minor child.

The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information (including valid e-mail address) that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative.

We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing.

In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will vary depending on the nature of the request. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.

Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of your request. We are not obligated to provide the information set forth above.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales Opt-Out and Opt-In Rights. You have the right to direct us to not sell your personal information at any time (the "right to opt-out"). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the consumer who is at least 13 and less than 16 years of age, or the parent or guardian of a consumer less than 13 years of age.

To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting the following Internet Web page:

Do Not Sell My Personal Information

Alternatively, you may submit an opt-out request by contacting us at privacy@crownpeak.com.

Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights, including, but not limited to, by:

• Denying you goods or services.
• Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Providing you a different level or quality of goods or services.
• Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that if we have obtained or received your personal information by or on behalf of a customer and you wish exercise any of your rights under applicable data protection laws, please liaise with the relevant customer directly.

7. Email communication, advertising, and tracking preferences

If you no longer wish to receive marketing information from us, you can let us know by contacting us at the contact details below, or by clicking the ‘unsubscribe link’ or accessing the 'Change Your Preferences' link we provide in our marketing communications. Please note that this does not opt you out of receiving important business communications related to your current relationship with us, such as security information. We use non-personally identifying information to facilitate cross device association. We or our third-party vendors analyze device activity data using a mathematical tool known as a “probabilistic algorithm” to determine if you have interacted with content across multiple devices and to match such devices. In connection with this analysis, we may rely on non- personally identifiable information (including demographic, geographic and interest-based data) from third parties such as data vendors, pursuant to their own privacy policies or we may use the non-personally identifiable information we collect in conjunction with such third party data. Based on this data, we may then display targeted advertisements across devices that we believe are associated and may provide other services to our advertisers such as tools, analyses, data and insights to see how their website or mobile applications are used and to further enable the display of targeted advertisements to you, including across your devices. Our advertisers may also provide us with deterministic data about you that may be used to supplement our probabilistic data. Based on this data, we may then display targeted advertisements across devices that we believe are associated and may provide other services to our advertisers such as tools, analyses, data and insights to see how their website or mobile applications are used and to further enable cross-device targeting and analysis. In order to restrict our use of certain cross-device data, you may opt out in accordance with this section or the “Your rights” section above.

8. Information security and storage

We implement technical, physical and organizational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have questions about the security of your personal information, or if you have reason to believe that the personal information that we hold about you is no longer secure, please contact us immediately as described in this Privacy Policy.

Crownpeak Technology, Inc. has been audited and received a SOC 2 report addressing the security, confidentiality and availability of our products, services, and Platforms.

Crownpeak Technology, GmbH has been audited and received an ISO27001 certification addressing the security, confidentiality and availability of our management system.

9. How long is information retained?

We may retain your personal information for as long as we have a relationship with you and for a period of time after our relationship with you has ended. Information for a period of time that enables us to:

• Maintain business records for analysis and/or audit purposes;
• Comply with record retention requirements under the law; 
• Comply with our legal obligations;
• Defend or bring any existing or potential legal claims;
• or Deal with any complaint regarding any of our services. 

We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the information.

10. Our commitment to children's privacy

We do not knowingly collect personal information from anyone under the age of 18. If a parent or guardian believes that their child has provided us with personal information without consent, please contact us by using the information below, and we will use our best efforts to delete such information from our systems.

11. Where we may transfer your information

Your personal information may be transferred globally in accordance with appropriate safeguards. Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law. However, we have put in place appropriate safeguards (such as the EU Standard Contractual Clauses) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

Crownpeak is responsible for the processing of personal data it receives and subsequent transfers to a third party acting as an agent on its behalf. Crownpeak complies with all applicable laws for all onward transfers of personal data from the EU, UK and Switzerland, including the onward transfer liability provisions.

In certain situations, Crownpeak may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Our servers are maintained in the United States of America. By using our website or Platforms, you freely and specifically give us your consent to export your personally identifiable information to the USA. You understand that data stored in the USA may be subject to lawful requests by the courts or law enforcement authorities in the USA.

We are certified to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. Accordingly, our privacy practices regarding the collection, use and retention of all personal information transferred from the EU and Switzerland to the U.S. are subject to this framework and are consistent with the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, and enforcement. To learn more about the Privacy Shield Framework, and to view our certification, please visit https://www.privacyshield.gov/list.

Crownpeak is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequent transfers to a third party acting as an agent on its behalf. Crownpeak complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Company is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Crownpeak may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Crownpeak has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.

Under certain conditions, more fully described on the Privacy Shield website located at:

www.bbb.org/EU-privacy-shield/for-eu-consumers to https://bbbprograms.org/privacy-shield-complaints you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

12. Information related to data collected on the Crownpeak platforms

Information Related to Data Collected by Customer on the Crownpeak Platforms

The use of information collected through our service is limited to the purpose of providing the service for which our customer has subscribed. In these circumstances, Crownpeak collects information under the direction of its customers and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our customers and would no longer like to be contacted by one of our customers that use our service, please contact the customer that you interact with directly. 

Anyone who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to Crownpeak's customer (the data controller under GDPR or the business under CCPA). If requested to remove data by one of our customers, we will respond within a reasonable timeframe. 

Crownpeak retains personal data we process on behalf of our customer for as long as necessary to provide services to our customer. Crownpeak will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

13. Contact us

You can contact us if you would like to exercise your rights, or if you have any questions or concerns. Crownpeak Technology, Inc. is the controller responsible for the personal information we collect and process (except for the personal information collected on Crownpeak Platforms for customers, as described above).

If you have general questions or concerns regarding the way in which your personal information has been used, please send us an email at privacy@crownpeak.com or write to us at this address: Crownpeak Technology, Attention: Privacy Department, 707 17th St., Floor 38, Denver, CO 80202 United States of America. 

If you are outside North America and you have general question or concerns regarding the way in which your personal information has been used, please contact us at dataprivacy@e-spirit.com write to us at this address activeMind AG Technologie- und Managementberatung, Kurfürstendamm 56, 10707 Berlin

14. Changes to the policy

We may update this privacy policy from time to time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make any material changes in the way we collect, use, and/or share the personal information that you have provided, we will notify you by posting notice of the changes to this page.

15. Facebook & Instagram for data subjects in the EEA and EU and the UK

Data processing through our Facebook and Instagram profile.

We maintain profiles as well as fan pages on Instagram and Facebook.

Through a simple link, you can go from our website to our presences on the social networks Facebook and Instagram. These platforms are provided by Meta Platforms, Menlo Park, California, USA. We maintain these Facebook/Instagram pages in order to inform users or interested parties as well as customers about our services.

We cannot rule out the possibility that, when our company websites are called up on these social networks, third-country transfers may take place, e.g. to servers located in the USA. Furthermore, we would like to point out that as the operator of a Facebook/Instagram fan page, we are jointly responsible with Facebook for processing the personal data of visitors to the page (Art. 26 GDPR). For this purpose, we have concluded corresponding contracts with Facebook. Due to data processing in the USA, we have concluded corresponding standard contractual clauses with this company. You can access the standard contractual clauses at the following link: https://www.facebook.com/help/566994660333381. 

As an operator, we do not make any decisions regarding the processing of Insights data and any other information resulting from Art. 13 GDPR, including legal basis, identity of the controller and storage period of cookies on user end devices.

Facebook acknowledges shared responsibility for Insights Data with the operators of the Sites and assumes primary responsibility, see: https://www.facebook.com/legal/terms/page_controller_addendum

Provided you have a Facebook/Instagram profile and are logged in, Facebook can, for example, analyze your usage behavior and create a usage profile corresponding to your usage behavior. This user data is regularly processed for market research and (personalized) advertising purposes.

The processing of the data is based on your consent pursuant to Art. 6 (1) (a) GDPR.

If you wish to make requests for information or assert your user rights, it is possible to assert these rights against us or Facebook. Further information regarding the collection and use of data as well as your rights and protection options can be found at 

https://facebook.com/about/privacy and https://instagram.com/about/legal/privacy/ 

Please note that Facebook Insights as well as the entire Facebook Fanpage is a service of Meta Platforms.

As the provider of the fan page and the Facebook Insights tool, Facebook collects and analyzes personal data required for our statistics and is thus able to establish personal references based on this data. However, we do not know which data is specifically collected by Facebook for the creation of the Insights statistics provided to us anonymously and for which purposes beyond the creation of these page statistics these are processed by Facebook. In addition, we would like to point out that we have no influence on personal data collection and processing carried out by Facebook itself that goes beyond our own, aforementioned statistical purposes and their scope. Facebook may, for example, create usage profiles based on the data collected and processed for us and beyond, and may establish links to your private profile on Facebook or on other platforms. Facebook alone is responsible for this further data collection and processing.

For more information on the use of Facebook Insights, please visit: 

https://www.facebook.com/legal/terms/information_about_page_insights_data

Privacy Notice:

https://www.facebook.com/policy.php

https://www.facebook.com/help/186325668085084