Clarabridge Privacy Policy

Clarabridge, Inc. and our subsidiaries including, Engagor NV and Market Metrix, a Clarabridge Company, LLC (“Clarabridge” or “we”) are committed to protecting your privacy. This Privacy Policy describes our privacy practices with respect to information, including personal information, collected from visitors to the Clarabridge website, made available at www.clarabridge.com, and corp.marketmetrix.com (collectively, the “Clarabridge website”) only. Unless otherwise set forth below (e.g., with regard to data transfer), this Privacy Policy does not apply to the information that we collect in our capacity as a service provider. Rather, the terms and conditions of a Subscription Services Agreement (or other master agreement that we entered with each such customer) applies to all such information.
This Privacy Policy describes who is responsible for the personal data that we collect about you, what personal data we collect, how we will use such personal data, who we may disclose it to and your rights and choices in relation to your personal data.

A Note About Children
We do not intentionally gather personal data about visitors who are under the age of 13.

Privacy Shield
Clarabridge processes personal data in the country in which we collect it and in other countries, including the United States, where laws regarding processing of personal data may be less stringent than the laws in your country. Clarabridge and its controlled U.S. subsidiaries comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States, including the personal data we process on the instructions of our customers (e.g., where we act as a service provider). Clarabridge has certified that it adheres to the Privacy Shield Principles, including the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

The Federal Trade Commission (FTC) has jurisdiction over Clarabridge’s compliance with the Privacy Shield.

Data Controller
Clarabridge, Inc. is the data controller for the purpose of European Union data protection law, in respect of your personal data collected and used through your use of the Clarabridge website. This is because we dictate the purpose for which your personal data is used and how we use your personal data.

Collection of your Personal Data
Through the Clarabridge website, Clarabridge collects personal data through the features of its website. If you are providing personal data to us relating to a third party, you confirm that you have the consent of the third party to share such personal data with us and that you have made the information in this Privacy Policy available to the third party.
Clarabridge encourages you to review the privacy policies of websites you choose to link to from Clarabridge so that you can understand how those websites collect, use and share your information. Clarabridge is not responsible for the privacy policies or other content on websites other than the Clarabridge website, and the terms of this privacy policy does not apply to any other websites or content, or to any collection of data after you click on links to such outside websites.

Categories of Personal Information That We Collect, Disclose, and Sell

Categories of personal information

 

Do we collect? Do we disclose for a business purpose(s) Do we sell?
Name, Contact Information and other Identifiers: Identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

 

YES YES YES
Customer Records: Paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial or payment information, medical information, or health insurance information.

 

YES YES YES
Protected Classifications: Characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.

 

NO NO NO
Purchase History and Tendencies: Commercial information including records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.

 

YES YES YES
Biometric Information: Physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, faceprint, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

 

NO NO NO
Usage Data: Internet or other electronic network activity information, including, but not limited to, browsing history, clickstream data, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, including access logs and other activity information related to your use of any Clarabridge websites, applications or other online services.

 

YES YES YES
Geolocation Data: Precise geographic location information about a particular individual or device.

 

YES YES YES
Audio, Video and other Electronic Data: Audio, electronic, visual, thermal, olfactory, or similar information such as demo/proof of concept call recordings and other audio recording (e.g., recorded meetings and webinars).

 

YES YES YES
Professional or employment-related information: Employment history, qualifications, licensing, disciplinary record.

 

YES YES YES
Education Information: Information about education history or background that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

 

NO NO NO
Profiles and Inferences: Inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

 

YES YES YES

How We Obtain Your Personal Data
We collect information from you in the course of your use of the Clarabridge website. We also collect information while monitoring the Clarabridge website. We also gather information about you when you provide information to us, or interact with us directly, for instance filling out a website form or engaging with our staff or registering to attend one of our events or webinars or requesting a product demonstration.

We may also receive personal data about you from other third party sources. Clarabridge provides online feedback collection services to its clients. Typically, clients provide Clarabridge with data on customers and other stakeholders such as name, company, location and email address, which Clarabridge uses to invite participants to complete surveys or feedback forms. We may also obtain information about you from publicly available sources such as LinkedIn.

How We Use the Personal Data We Collect

Purpose Legal Basis
Providing Support and Services Including to provide our products and services, including our websites, applications and services; to communicate with you about your access to and use of our Services; to respond to your inquiries; to provide troubleshooting, fulfill your orders and requests, process your payments and provide technical support; and for other customer service and support purposes.

 

Analyzing and Improving Services and Operations Including to better understand how users access and use our Services, to evaluate and improve our Services and business operations, and to develop new Services; to conduct surveys and other evaluations (such as customer satisfaction surveys); and for other research and analytical purposes.

 

Personalizing Content and Experiences Including to tailor content we send or display on our websites and other Services; to offer location customization and personalized help and instructions; and to otherwise personalize your experiences.

 

Advertising, Marketing and Promotional Purposes Including to reach you with more relevant ads and to evaluate, measure and improve the effectiveness of our ad campaigns; to send you newsletters, offers or other information we think may interest you; to contact you about our Services or information we think may interest you; and to administer promotions and contests.

 

Securing and Protecting Our Business Including to protect and secure our business operations, assets, Services, network and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorized activities or misconduct;

 

Defending our Legal Rights Including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.

 

Auditing, Reporting, Corporate Governance, and Internal Operations Including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business.

 

Complying with Legal Obligations Including to comply with the law, our legal obligations and legal process, such warrants, subpoenas, court orders, and regulatory or law enforcement requests.

 

Choices and Access Regarding Your Personal Data
Where we act as a data controller, we offer you choices regarding the collection, use, and sharing of your personal data. We may periodically send you free newsletters and emails that directly promote the use of our site or the purchase of our products or services and may contain advertisements for third party companies. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly (please see contact information below). Should you decide to opt-out of receiving future mailings, we may share your email address with third parties to ensure that you do not receive further communications from third parties. Despite your indicated email preferences, we may send you notices of any updates to our Terms of Use or privacy policy.

Changes to Personal Data and Your Rights
General Data Protection Regulation (GDPR)
EU residents have certain rights with respect to your personal data. This section applies to any personal data of EU residents that we collect in our capacity as a data controller. The rights of EU residents below may only apply in certain circumstances and are subject to certain exemptions. If you are an EU resident, please see the table below for a summary of your rights. You can exercise these rights by calling 571-299-1800 or emailing privacy@clarabridge.com.

Summary of Rights as an EU Resident

Right of access to your personal data You have the right to receive a copy of your personal data that we hold about you, subject to certain exemptions.

 

Right to rectify your personal data You have the right to ask us to correct your personal data that we hold where it is incorrect or incomplete.

 

Right to erasure of your personal data You have the right to ask that your personal data be deleted in certain circumstances.  For example (i) where your personal data is no longer necessary in relation to the purposes for which they were collected or otherwise used; (ii) if you withdraw your consent and there is no other legal ground for which we rely on for the continued use of your personal data; (iii) if you object to the use of your personal data (as set out below); (iv) if we have used your personal data unlawfully; or (v) if your personal data needs to be erased to comply with a legal obligation.

 

Right to restrict the use of your personal data You have the right to suspend our use of your personal data in certain circumstances.  For example (i) where you think your personal data is inaccurate and only for such period to enable us to verify the accuracy of your personal data; (ii) the use of your personal data is unlawful and you oppose the erasure of your personal data and request that it is suspended instead; (iii) we no longer need your personal data, but your personal data is required by you for the establishment, exercise or defense of legal claims; or (iv) you have objected to the use of your personal data and we are verifying whether our grounds for the use of your personal data override your objection.

 

Right to data portability You have the right to obtain your personal data in a structured, commonly used and machine-readable format and for it to be transferred to another organization, where it is technically feasible. The right only applies where the use of your personal data is based on your consent or for the performance of a contract, and when the use of your personal data is carried out by automated (i.e. electronic) means.

 

Right to object to the use of your personal data You have the right to object to the use of your personal data in certain circumstances. For example (i) where you have grounds relating to your particular situation and we use your personal data for our legitimate interests (or those of a third party); and (ii) if you object to the use of your personal data for direct marketing purposes.

 

Right to withdraw consent You have the right to withdraw your consent at any time where we rely on consent to use your personal data.

 

Right to complain to the relevant data protection authority You have the right to complain to the relevant data protection authority where you think we have not used your personal data in accordance with data protection law.

 

Please also be aware that as noted above, as part of its customary business activities, Clarabridge acts as a service provider (or data processor) to its business partners. Whenever Clarabridge receives personal data from its business partners, Clarabridge relies upon those business partners to obtain any consent from consumers that may be required to authorize Clarabridge’s privacy practices related to the applicable personal data, and Clarabridge does not provide a choice to individuals regarding Clarabridge’s collection and use of the personal data received from those business partners. Individuals whose personal data we process as a service provider should contact the business partner directly to exercise any applicable rights. Clarabridge is not responsible for the policies or practices of those business partners with respect to the personal data those business partners collect.

California Consumer Privacy Act (CCPA)
California residents, as mandated under California privacy laws, including the CCPA, requires that we provide California residents certain specific information about how we handle their personal information, whether collected online or offline. Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. It does not include publicly available data as defined by the CCPA.

This section does not address or apply to our handling of personal information that is subject to an exemption under the CCPA. This section also does not apply to personal information we collect about job applicants, independent contractors, or current or former full-time, part-time and temporary employees and staff, officers, directors or owners of Clarabridge, Inc.

California law grants California residents’ certain rights and imposes restrictions on particular business practices as set forth below.

Summary of Rights as a California Resident

Right to Opt-out of Sale of Personal Information. California residents have the right to opt-out of our sale of their personal information.

 

Notice at Collection. At or before the point of collection of personal information, notice must be provided to California residents of the categories of personal information collected and the purposes for which such information is used.

 

Verifiable Requests to Delete and Requests to Know. Subject to certain exceptions, California residents have the right to make the following requests, at no charge:

Request to Delete: California residents have the right to request deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies.

Request to Know: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the resident to transmit this information to another entity without hindrance.  California residents also have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the following:

  • categories of personal information collected;
  • categories of sources of personal information;
  • business and/or commercial purposes for collecting and selling their personal information;
  • categories of third parties/with whom we have disclosed or shared their personal information;
  • categories of personal information that we have disclosed or shared with a third party for a business purpose;
  • categories of personal information collected; and
  • categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.

California residents may make Requests to Know up to twice every 12 months.

Right to Non-Discrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices,  rates, or penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data.

 

Financial Incentives. A business may offer financial incentives for the collection, sale or deletion of California residents’ personal information, provided the incentive is not unjust, unreasonable, coercive or usurious, and is made available in compliance with applicable transparency, informed consent, and opt-out requirements. California residents have the right to be notified of any financial incentive offers and their material terms, and the right to opt-out of such incentives at any time; residents may not be included in such incentives without their prior informed opt-in consent. We do not offer any incentives at this time.

 

Please also be aware that as noted above, as part of its customary business activities, Clarabridge acts as a service provider (or data processor) to its business partners. Whenever Clarabridge receives personal data from its business partners, Clarabridge relies upon those business partners to obtain any consent from consumers that may be required to authorize Clarabridge’s privacy practices related to the applicable personal data, and Clarabridge does not provide a choice to individuals regarding Clarabridge’s collection and use of the personal data received from those business partners. Individuals whose personal data we process as a service provider should contact the business partner directly to exercise any applicable rights. Clarabridge is not responsible for the policies or practices of those business partners with respect to the personal data those business partners collect.

You may exercise these rights and submit Requests to Opt-out of Sale of Personal Information, Requests to Know, and Requests to Delete may be submitted by calling us at 571-299-1820 or by emailing us at privacy@clarabridge.com. We will respond to verifiable requests received from California consumers as required by law.

In some circumstances, applicable laws may provide consumers a right to request a report regarding Clarabridge’s disclosures of personal data about himself or herself, and Clarabridge will undertake to provide such information as required by applicable law. For example, pursuant to California Civil Code Section 1798.83 (the “Shine the Light Law”), a California resident may request an information statement from Clarabridge regarding disclosures of personal data about that resident, if any, that Clarabridge has made to third parties for direct marketing purposes during the preceding calendar year. All such requests should be submitted in writing to Clarabridge at the email address or postal address set forth below. Clarabridge will endeavor to respond to such requests within a reasonable time by providing a report that includes the information required by applicable law. Please be advised that, Clarabridge is not required to respond to requests from any individual resident under the Shine the Light Law more frequently than once per calendar year.

Use and Onward Transfer of Your Personal Data
Clarabridge collects and uses your personal data to deliver the services you have requested via the website. Clarabridge also uses your personal data to inform you of other products or services available from Clarabridge and its affiliates. Clarabridge may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
Clarabridge does not share personal data with unaffiliated parties for those parties’ own direct marketing. Clarabridge may, from time to time, share information with you on behalf of external business partners about a particular offering that may be of interest to you.

In addition, Clarabridge may share data with service providers in order to provide services to Clarabridge or to provide services on Clarabridge’s behalf, such as performing statistical analysis, delivering email or postal mail, providing customer support, or arranging deliveries. We require all such service providers to agree to limit their use of your personal data to performance of such services in a manner consistent with this privacy policy. In the context of an onward transfer, Clarabridge has responsibility for the personal data it receives under the Privacy Shield and subsequently transfers to a service provider acting as an agent on its behalf. Clarabridge shall remain liable under the Privacy Shield Principles if its agent processes such personal data in a manner inconsistent with the Privacy Shield Principles, unless Clarabridge proves that it is not responsible for the event giving rise to the damage.

Clarabridge does not use or disclose Sensitive Data without your opt-in consent.
Clarabridge keeps track of the websites and pages our customers visit within Clarabridge, in order to determine what Clarabridge services are the most popular. This data is used to deliver customized content and advertising within Clarabridge to customers whose behavior indicates that they are interested in a particular subject area.

Clarabridge websites will disclose your personal data, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Clarabridge or the site; (b) protect and defend the rights or property of Clarabridge; and, (c) act under exigent circumstances to protect the personal safety of users of Clarabridge, or the public.

We may share some or all of your personal data with our corporate affiliates, in which case we will require our affiliates to treat personal data that we share with them in a manner consistent with this privacy policy. If another company acquires our company or our assets, that company will possess the personal data collected by it and us and will assume the rights and obligations regarding your personal data as described in this Privacy Policy.

To collect feedback on behalf of our clients, Clarabridge is provided access to the data, which may reside on the systems of Clarabridge, its clients or Clarabridge’s or its clients’ vendors. Clarabridge treats the collected feedback according to the terms of this policy. Only a limited number of authorized employees are allowed access to such Client data.

Clarabridge uses the Google Visualization API to generate the charts in the analysis interface. No customer data is passed to Google to generate the charts in the client browser. However, if you plan to export the graph to Excel or PDF, your aggregated data must be sent to Google in order to generate the file. No detailed records are sent to Google, and only the data labels and numbers actually displayed on the exported graph are transmitted.

Use of Cookies
The Clarabridge website uses “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies are uniquely assigned to you and are designed to be read only by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize Clarabridge pages, or register with Clarabridge site or services, a cookie helps Clarabridge to recall your specific information on subsequent visits. This simplifies the process of recording your personal data, such as billing addresses, shipping addresses, and so on. When you return to the same Clarabridge website, the information you previously provided can be retrieved, so you can easily use the Clarabridge features that you customized.

Clarabridge also works with advertisers and service providers, like Google, who may have placed one or more cookies on your computer either at the time of your visit to the Clarabridge website or when you visit other websites for which they provide services. We partner with those companies to assist us in marketing Clarabridge’s products and services on third party websites to individuals, like you, who have previously visited the Clarabridge website or have otherwise demonstrated an interest in our products and services. If you prefer, you may opt out of Google’s use of cookies for this kind of interest-based advertising by modifying Google’s Ads Settings. You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Clarabridge services or websites you visit. At this time, however, the Clarabridge website does not respond to “Do No Track” signals, and the website may therefore collect any information that an end user’s browser provides, such as information identifying the end user’s operating system and Internet protocol address.

Information Retention, Security and Integrity
We may maintain personal data in our databases for so long as we believe it is necessary or beneficial for purposes of developing, providing and improving our services, even indefinitely, except to the extent we are required to remove such personal data by applicable law, and except as described above regarding Sensitive Data. Even after we remove personal data from the databases that we use in active operation of our business, some or all of that personal data may be retained in our inactive archival backups of those databases.

We exercise reasonable security measures consistent with industry standards to protect against unauthorized access to personal data stored in our databases, and to prevent unauthorized use, alteration, corruption or disclosure of that personal data. personal data stored in our possession is maintained behind firewalls, and our servers are located within facilities that are subject to physical security measures designed to prevent unauthorized access.

We restrict access to personal data to our employees, contractors and agents who need to access that information in order to operate our business in a manner consistent with this privacy policy. All such personnel are required to treat personal data in a manner consistent with this privacy policy, and they are subject to discipline, potentially including termination, if they fail to comply with those requirements.

While we believe our policies and practices regarding information security and integrity are reasonable, we cannot guarantee that the security and/or integrity of personal data will not be breached or that such personal data will not be subject to unauthorized access, alteration, corruption or disclosure. We review our information security policies and practices periodically and may update them as we determine reasonably necessary to achieve information security and integrity consistent with industry standards.

How Long We Keep Your Personal Data
Your personal data will be retained in accordance with our global data retention policy which categorises all of the information held by us and specifies the appropriate retention period for each category of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, and our business purposes.

Enforcement
Clarabridge periodically conducts internal reviews and self-assessment of its Privacy Practices to confirm its compliance with this privacy policy. We will take good faith steps to correct any non-compliance identified in the course of such reviews.

Consumers who believe that Clarabridge may have acted in a manner inconsistent with this privacy policy may contact Clarabridge via the email address or postal address stated below, and we will exercise good faith efforts to resolve disputes and complaints.

Clarabridge, Inc. participates in the EU-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield as set forth by the United States Department of Commerce. Clarabridge commits to resolve complaints concerning its processing of personal data in accordance with the Privacy Shield Principles.
Any Data Subject who has a complaint about Clarabridge’s processing of his/her personal data should first contact Clarabridge’s Legal Department by emailing privacy@Clarabridge.com or by calling 571-299-1820.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) here. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Contact Information
Clarabridge welcomes your comments regarding this Privacy Policy. If you believe that Clarabridge has not adhered to this Privacy Policy, please contact Clarabridge at privacy@clarabridge.com, or write to us via postal mail at the following address:

ATTN: Privacy
Clarabridge, Inc.
11400 Commerce Park Dr.
Suite 500
Reston, VA 20191
Corporate Headquarters – USA

Changes to This Privacy Policy
This privacy policy is subject to occasional revision, and amendments to this privacy policy shall become effective when we publish the revised policy on the Clarabridge website. By using or accessing the Clarabridge website, you agree that we may treat information collected through the website in accordance with the revised privacy policy, including information we may have collected at a prior time when a previous version of this privacy policy was in effect. If you do not consent to our privacy practices described in the revised version of the privacy policy, do not use the Clarabridge website in any manner, as we will continue to treat previously collected information in accordance with the privacy practices described in the applicable prior version of this privacy policy or as otherwise required below. If we revise the privacy policy in such a way that permit substantial changes in the way we use or disclose your personal data, we will also make a good faith effort to notify you by sending you an email to the last email address you provided to us. Please note that at all times you are responsible for updating your personal data to provide us with your most current email address.

This Privacy Policy was last revised on January 17, 2020.