Last Updated February 26th, 2019
PART I. GENERAL INFORMATION
Our commitment to privacy
Ensighten adheres to industry best practice privacy principles with respect to our data collection practices. This includes data collection on our own Websites, including the Website that you are now visiting, as well as the websites that customers use to access the data we collect on the their behalf pursuant to their instructions when providing Services to them.
The key privacy principles that guide our use of data are:
- Notice – Ensighten is committed to making information about our data collection practices readily available to you so that you can make informed decisions about your activities on our Websites (see the “What We Collect and How We Use It” section below). We encourage our customers to do the same when we collect data in the course of providing Services to them too.
- Choice – Ensighten provides you with the opportunity to elect not to participate in certain data collection activities through our Websites (see the “What We Collect And How We Use It” and “Unsubscribe from Our Mailing List” sections below).
- Access – We provide all visitors to our Websites with the opportunity to access, review, modify, and delete any personal information that has previously been provided or collected (see the “Update and Access Your Information” section below).
PART II. WHAT WE COLLECT AND HOW WE USE IT
Information we automatically collect when you use the Websites
We have designed the portions of the Websites which do not require password access so that visitors can navigate and view content without having to provide any directly identifying personal contact details to us, such as their name, address, e-mail or telephone number.
However, when you visit this Website, we collect certain information related to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our Website.
We will use this information:
- to administer our Websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Websites to ensure that content is presented in the most effective manner for you and for your computer; and
- as part of our efforts to keep our Websites safe and secure.
Information you give to us when using the Websites
We may also collect any personal information that you choose to send to us or provide to us on our online forms (such as our “Resume Submission” or “Request for Information” forms).
We will use this information for purposes made clear to you at the time you submit your information – for example, to fulfill your request for support, to provide you with information you have requested about our products and services, or to consider your application for employment.
We and our third party marketing partners may also use the information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. However, you will always be able to opt-out of our marketing at any time (see the “Unsubscribe from Our Mailing List” section below).
What we collect from customers of Ensighten Services
If you are an Ensighten customer, then when your users access their data via our secure web interface, we collect certain device-related information about the way they use our Services, such as their IP address, the type of browser they are using, and the numbers and durations of site visits. We also collect user ID, username, and password.
We use the information that we collect to deliver and improve our Services, to relay administrative information, and to verify login information.
What we collect for customers when they use our Services
When you use websites owned or controlled by our customers that are using Ensighten Services, you may also be providing certain additional types of information to our customers other than those described above, such as tracking tags and cookies, or any data that our customers choose to collect, store and use.
By default, the Ensighten Services do not collect, store or use any directly-identifying information, such as names or addresses. In fact, we recommend and encourage our customers not to collect, store or use any such directly-identifying personal information in connection with our Services.
However, our Services will collect certain information about your device. In this context, we collect only the device-related information that our customers instruct us to collect as necessary to provide Services to them. In general, this will typically include certain network-related information, the device’s hardware model, operating system version, and browser type and version. We use this information to help our customers understand the general locale of their visitors, to provide analytics information to our customers about how visitors interact with their digital properties and to monitor, maintain, and improve our Services. We encourage our customers to disclose the use of our Services in their own privacy statements.
Disclosure of information to third parties
As we continue to develop our business, we may sell certain parts of our business or our assets. In such transactions, visitor information is likely to be one of the transferred business assets. Also, in the event that Ensighten, Inc. or substantially all of its assets is acquired, our visitor information may be an asset that is reviewed and transferred by or to a third party. This means that if a third party buys Ensighten, Inc., a corporate group member or its assets, then we may disclose information to that third party in connection with the sale. We will make clear to the relevant third party purchaser that it should only use personal information it receives from us for the purposes for which it was originally obtained.
We may also disclose information where we believe necessary in order to protect the vital interests of any person, or exercise, establish or defend our legal rights. We may also request your consent to share your personal information with some third parties and, in this circumstance, we will only share your personal information with parties for whom you have consented.
Finally, we may forward to our service providers the information we collect about you, but only for the limited purpose of them providing a service to us, such as fulfilling on our behalf a request for information about Ensighten.
Part III. Your Privacy Rights
Update and Access to Your Information
We provide all visitors to our Websites with the opportunity to access, review, modify, and delete any personal information that has previously been provided. You can send an email to email@example.com, or call us on 888-553-6744 for this purpose (this number is toll free for US residents). If you make a request to access your personal information we may charge you a fee subject to a maximum specified by applicable law.
If you wish to access, review, modify, and delete any personal information that any Ensighten customer has collected through the use of our Services, please contact that customer directly.
Unsubscribe from Our Mailing List
You may at any time ask us to remove you from any mailing list on which you previously asked us to include you by sending us an email at firstname.lastname@example.org, by calling us on 888-553-6744 (this number is toll free for US residents), or by clicking “Unsubscribe” in any e-mail communications we send you.
PART IV. International transfers and security
Processing of information in the U.S. and elsewhere
We use appropriate technical, organizational and administrative measures to protect any personal information we process about our visitors, our customers and their end users. Transmissions to and from secure areas of our Website are protected using TLS (Transport Layer Security) encryption.
However, please note that no Internet transmission can ever be guaranteed 100% secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, anti-virus and anti-spyware software, and similar technologies to protect yourself online.
Part V. Cookies on our Websites
Cookies on our Websites
When you visit our Websites we may send one or more cookies to your browser. They enable us to store information about your device that is then used for matching certain other device related information that we collect via the browser. This helps us, amongst other things, to provide you with a good experience when you browse our Website and also allows us to improve our Websites.
The table below explains what cookies are used on the Websites.
|Types of cookie||Who serves these cookies||How to refuse|
|Essential website cookies: These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features, such as access to secure areas.||Ensighten (www.ensighten.com), Marketo (www.marketo.com), Wistia (www.wistia.com)||Because these cookies are strictly necessary to deliver the Websites to you, you cannot refuse them.
You can block or delete them by changing your browser settings however, as described below.
|Performance and functionality cookies: These cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.||LiveChat Inc. (www.livechatinc.com), Vimeo (www.vimeo.com)||To refuse these cookies, use Ensighten’s Consent Management Tool or follow the instructions below under the heading “How can I control cookies?”|
|Analytics and customization cookies: These cookies collect information that is used either in aggregate form to help us understand how our Websites are being used or to help us customize our Websites for you.||Google Analytics (analytics.google.com), Ensighten Pulse (measure.ensighten.com)||To refuse these cookies, use Ensighten’s Consent Management Tool or follow the instructions below under the heading “How can I control cookies?”
Alternatively, please click on the relevant opt-out link below:
|Advertising cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.||Google Ads (www.google.com)||To refuse these cookies, use Ensighten’s Consent Management Tool or follow the instructions below under the heading “How can I control cookies?”
Alternatively, please click on the relevant opt-out link below:
|Social networking cookies: These cookies are used to enable you to share pages and content that you find interesting on our Websites through third party social networking and other websites. These cookies may also be used for advertising purposes too.||Facebook (www.facebook.com), Google+ (plus.google.com), LinkedIn (www.linkedin.com), Twitter (www.twitter.com)||To refuse these cookies, use Ensighten’s Consent Management Tool or follow the instructions below under the heading “How can I control cookies?”
Alternatively, please click on the relevant opt-out link below:
You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences by using Ensighten’s Consent Management Tool or by clicking on the appropriate opt-out links provided in the cookie table above.
Part VI. Other important information
At Ensighten, we have always been dedicated to privacy, security, compliance and transparency. This commitment extends to keeping our customers’ and partners’ compliant with EU data protection requirements as outlined by the General Data Protection Regulation (“GDPR”) legislation that becomes into effect on May 25, 2018.
Ensighten helps customers and partners maintain control of their privacy and data security in numerous ways:
- Data Security: We provide our customers and partners compliance with high security standards, such as encryption of data in motion over public networks, auditing standards (SOC 2, ISO 27001, ISO 27018), Distributed Denial of Service (“DDoS”) mitigations, and global support team available to assist.
- Disclosure of Customer Service Data: Ensighten only discloses Service Data to third parties where disclosure is necessary to provide the services or as required to respond to lawful requests from public authorities.
- Trust: Ensighten enacted security protections and control processes to help our customers ensure a secure environment for their information. Independent third-party experts have verified Ensighten’s adherence to high industry standards.
- Access Management: Ensighten provides an advanced set of access and encryption features to help our customers and partners effectively protect their information. Ensighten does not access or use customer or partner content for any purpose other than providing, maintaining and improving Ensighten services and as otherwise required by law.
GDPR Pulse Product Readiness
Pulse (Ensighten data collection technology) has functionality available to our customers and partners to allow them to present their audience/visitor the choice of opt-in and opt-out from tracking services.
Right to Erasure
Our customers can request for access or removal of data from our systems. Requests are triaged and addressed after acknowledgment of receipt. A unique identifier must be provided to allow those records to be located for access or erasure.
PRIVACY SHIELD FRAMEWORK NOTICE
Privacy Shield Principles.
Ensighten participates in the Privacy Shield Framework, a set of Principles promulgated by the U.S. Department of Commerce in consultation with the European Commission to protect personal data transferred to the United States. A list of participants in Privacy Shield can be found at https://www.privacyshield.gov/list. Ensighten is committed to adhering to the Privacy Shield Principles, stated at https://www.privacyshield.gov/article?id=OVERVIEW (the “Principles”), with respect to all personal data received from the European Union in reliance upon the Privacy Shield The Principles include, among other things, respect for the choices of data subjects concerning the disclosure of their personal data, maintenance of appropriate security measures to safeguard such data, and commitment to comply with obligatory dispute resolution mechanisms.
Tagman, Ltd., a wholly-owned subsidiary of Ensighten based in the United Kingdom, also adheres to the Privacy Shield Principles
Visitors to Ensighten’s Website. Ensighten collects information related to the device used to visit its web pages, including the device’s IP address, referring website, what pages were visited, and the time that the device visited Ensighten’s website. This information is used to administer Ensighten web pages; for operations such as troubleshooting, data analysis, testing, research, statistical and survey purposes; to improve them to ensure that content is presented in the most effective manner; and as part of efforts to keep the websites safe and secure. Visitors to Ensighten’s website also may choose to provide additional information, such as in the course of requesting additional information from Ensighten, or to submit a resume for consideration for employment. In such cases, the purposes for which the information is sought are stated clearly at the time it is requested. Ensighten also may use such information submitted voluntarily for marketing purposes, and furnish it to its marketing partners for that purpose, subject to the visitor’s stated marketing preferences and right to opt out of such marketing.
Human Resources. Ensighten collects and retains personal data of its own employees and contractors as reasonably necessary for purposes of managing its human resources, including functions of onboarding, payroll, tax withholding, pension entitlement calculations, health insurance eligibility, and vacation benefits.
Customer Contract Interface. Ensighten also collects and retains contact information of identified personnel of its customers, for purposes of managing its delivery of services to, and contractual relationships with, those customers.
Customer Services. Ensighten provides cloud-delivered tools via subscription, to enable its Customers to manage deployment of marketing technologies via their online properties or web pages. Ensighten Customers may gather personal data of visitors to their websites in the course of using Ensighten tools, and they control the processing of all such data. In most cases, Ensighten only processes, in encrypted form, the internet protocol address, approximate geographic location, and internet browser type of the device used to access our customer’s web page. Some Customers may use specialized Ensighten technologies to gather, for marketing purposes, more detailed data about visitors’ interaction with their online properties. Ensighten offers proprietary technology solutions, such as its Privacy Module, to facilitate its Customers to obtain the conscious consent of visitors to the transmission of all personal data, and encourages its Customers to do so.
Data Protection Rights.
You have the right to access, review, modify, and delete any personal information which has previously been provided about you that Ensighten holds, or which has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of other persons would be violated.
To contact Ensighten with any inquiries or complaints regarding the collection or use of personal data, email email@example.com, or telephone 888-553-6744 (toll free for US residents), nor address correspondence to Ensighten, Inc., Attention: Privacy & Security Department, 226 Airport Parkway, Suite 390, San Jose, California 95110. In the United Kingdom Ensighten can be contacted via Tagman Ltd., Attention: Privacy & Security Department, Henry Wood House, 7th Floor, 2 Riding House Street, London W1W 7FA.
For security purposes, Ensighten only fulfills requests for the personal data associated with the particular email address used to transmit the request. Ensighten may need to verify the identity of the person submitting the request.
Each Ensighten Customer sets its own policies concerning whether and what personal information it collects, stores or uses through the use of Ensighten services. All questions about how an Ensighten Customer collects, stores or uses personal data, and requests to review, modify, and delete personal data that was collected by an Ensighten Customer, should be addressed directly to that Customer.
Limiting the Use and Disclosure of Personal Information.
Portions of Ensighten’s websites do not require password access, so that visitors may navigate and view content without having to provide any directly identifying personal contact details, such as name, address, e-mail address or telephone number.
If you decline your consent to share such personal information with some third parties, Ensighten will only share your personal information with parties for whom you have consented. If you have provided additional information, such as to request information from Ensighten, or to submit a resume, you may request to be removed from any mailing list on which you previously asked us to include you by sending an email to firstname.lastname@example.org, by calling us on 888-553-6744 (toll free for US residents), or by clicking “Unsubscribe” in any e-mail communications from Ensighten.
Disputes and Recourse.
Ensighten is committed to cooperate with the European data protection authorities (“DPAs”), listed at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm, to provide recourse for individuals to whom the data relate; follow up procedures for verifying that the attestations and assertions Ensighten has made about its privacy practices are true; and remedies for problems arising out of its failure to comply with the Principles. Ensighten will (i) cooperate with the DPAs in the investigation and resolution of complaints brought under the Privacy Shield; (ii) comply with any advice given by the DPAs, where the DPAs take the view that Ensighten needs to take specific action to comply with the Privacy Shield Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles; and (iii) provide the DPAs with written confirmation that such action has been taken.
Ensighten also will comply with the authority of the Swiss Data Protection and Information Commissioner (see https://www.edoeb.admin.ch/edoeb/en/home.html), who can be contacted at email@example.com or telephone +41 (0)58 462 43 95, Monday to Friday from 10am to 12pm (local time).
Individuals to whom the data relate also may invoke binding arbitration before the Privacy Shield Panel, to resolve claims not resolved through the above mechanisms, that Ensighten has violated the Privacy Shield Principles. A list of authorized arbitrators, chosen on the basis of independence, integrity, and expertise, is developed by the U.S. Department of Commerce and the European Commission.
Ensighten is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Legally Required Disclosure.
Ensighten may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Transfer of Data to Third Parties.
Transfers to Data Controllers. Ensighten’s Customers act as the controllers of any personal data that they gather using Ensighten’s subscription tools. As a precondition of transferring any personal data to a Customer in the role of the Customer’s data processor, Ensighten must enter into a contract with the Customer, providing that the Customer (i) may process such data only for limited and specified purposes consistent with the consent provided by the individual; (ii) will provide the same level of protection as the Principles; and (iii) if the Customer makes a determination that it can no longer meet this obligation, it will notify Ensighten and cease processing the data, or take other reasonable and appropriate steps to remediate.
Data Sub-Processors. Ensighten’s services are cloud-delivered via major infrastructure providers such as Amazon Web Services. Any transfer by Ensighten of personal data to such an infrastructure provider or “agent” must be only for limited and specified purposes, as described above (including, in the course of providing its services, as instructed by a Customer, in the role of data controller). As a precondition of transferring any personal data to a cloud infrastructure provider as a sub-processor or agent, Ensighten must (i) ascertain that the agent is obligated to provide at least the same level of privacy protection as the Principles require; (ii) take reasonable and appropriate steps to ensure that the agent effectively processes such personal information in a manner consistent with Ensighten’s obligations under the Principles; (iii) require the agent to notify Ensighten, if it makes a determination that it no longer can meet its obligation to provide the same level of protection as the Principles require; (iv) upon such notice, take reasonable and appropriate steps to stop and remediate unauthorized processing; and (v) upon request of the Department of Commerce, provide a summary or a representative copy of the relevant privacy provisions of its contract with the agent.
Please be aware that we are not responsible for the privacy practices of other websites that are linked to from our Websites. We encourage our visitors to be aware when they leave our Websites and to read the privacy statements or policies of each and every website that they visit.
How to Contact Us
If you feel that your complaint has been addressed incompletely, we invite you to let us know for further investigation.
Attn: Privacy & Security Department
226 Airport Pkwy, Suite 390
San Jose, CA 95110