Privacy Policy

Glassbox Ltd. and its wholly owned subsidiaries, including Glassbox US, Inc. and Glassbox Digital UK Ltd. (collectively “GLASSBOX,” “we,” “us,” and “our”) respect your privacy. This privacy policy (this “Privacy Policy”) explains the accepted privacy practices for our Site, https://glassboxdigital.com/ (the “Site”) and our proprietary customer experience solutions and services, which include, without limitation, all associated software, updates, upgrades, content and documentation, and any changes, enhancements, extensions, adaptations, components, additions, improvements and applications thereto, whether now existing or hereafter devised (collectively, the “Services”). This Privacy Policy describes the ways in which your personal information is collected and used, and the rights and options available to you with respect to such information. This Privacy Policy incorporates by reference the most current version of our Terms of Use (our “Terms of Use”). If you have questions or complaints regarding this Privacy Policy and/or our privacy practices in general, please contact us as described in this Privacy Policy.

IF YOU DO NOT WISH TO PROVIDE OR OTHERWISE MAKE AVAILABLE TO GLASSBOX, WHETHER DIRECTLY OR INDIRECTLY, THE INFORMATION DESCRIBED BELOW THAT WE COLLECT VIA THE USABILITY AND FUNCTIONALITY OF OUR SERVICES, PLEASE DO NOT VISIT OUR WEBSITE.

INFORMATION WE COLLECT

GLASSBOX collects information from end users (“End Users”) at several different points and via several different channels throughout our Services. This may include, without limitation, traffic data including an End User’s IP address, domain server, type of computer, type of web browser, geo-location, browsing and click-stream activity, session heatmaps and scrolls and more.  Our GLASSBOX Solutions (as defined below) are also designed to automatically collect information about your website visits, referring and exit pages and URLs, amount of time spent on particular web pages, and the sections/features of our Services you visit/utilize. We’ve designed our Services so that the information collected from End Users is anonymous information that does not personally identify an End User but may be helpful for improving an End User’s experience in connection with our Services and/or for marketing purposes.

In general, when you visit our Site or otherwise utilize our Services you remain anonymous. That said, certain aspects of our Services, whether deployed by others or by us, may require that you register or log in before you are permitted to access certain areas, tools, features and the like.  In such cases, the information you will likely be asked to provide (and that is collected by us) may be more personal in nature. In those cases, personal information, such as an End User’s name, address, contact information and other personally-identifiable information (“Personal Information” or “Personal Data”) may be collected from you and stored in our databases, typically when you register to the Site, request support enter into a sales promotion or otherwise interact with us (for example through the “contact us” option). It should be made clear that you have no legal obligation to provide us with any Personal Data and the submission of such information is entirely subject to your sole discretion and consent. However, if you will not provide us with the required information, we may not be able to provide you with the information/services requested by you.

We may also collect statistical and other data related to your use of our Services as well as information on Services usage patterns. This information is collected and used as anonymous, aggregated, non-individually identifiable information.

HOW WE USE INFORMATION

Our Services allows us to use aggregated and anonymous information which does not identify individual End Users. This information is often used for analyzing trends, administering and improving services, and to gather demographic information about our End User base as a whole. There are also times when we will combine such information with additional non-personal or de-identified information that we obtain from other companies in order for us to gain broader market insights. We typically analyze this information and organize it into user groups and audiences, based on factors such as age, gender, geography, interests and online actions. This is often referred to as Interest-Based Advertising. To enable the foregoing, the GLASSBOX Solutions use technology including browser cookies, device identifiers, and other similar technologies to recognize a particular browser or device over time, to predict possible relationships among different browsers and devices and to then relay this information to our system.

We also compile and store data and information and generate reports related to our End Users’ access to and use of our Services.

To the extent required under applicable data processing laws and regulations, any Personal Data that we collect will be stored in our database and will be used in accordance with such applicable laws and regulations.

Any data processing performed by any third party with whom we have provided End User information (either Personal Data or non-Personal Data) will, if and when required by law, be governed by a binding agreement in the form mandated by applicable by law, preserving End Users’ statutory data protection rights.

GLASSBOX retains the End User data described above which is collected through our GLASSBOX Solutions for up to twenty-four (24) months from the date of its collection (unless the data is required to be held for a longer period by applicable laws and regulations) and solely for the uses expressly provided hereunder.

GLASSBOX may share information internally among its affiliates or with third parties for the purposes described in this Policy. Without limiting the foregoing, some of the reason we might share your information are:

Personal Data collected from End Users within the European Economic Area (“EEA”) may, for example, be transferred to countries outside of the EEA for the purposes described in this policy.  To do so in a compliant manner, GLASSBOX will only transfer such data if (i) it has the End User’s consent or some other legal basis upon which to rely, (ii) it has in place a data processing agreement/addendum with the intended recipient(s) thereof (which utilizes standard contract clauses approved by the European Commission, as applicable), and (iii) it is otherwise in compliance with all other obligations mandated under European Union law.

For the purpose of providing and operating the Services, we may share Personal Data with trusted third-party service providers that require access to such data. In these instances, we will require that these third parties comply with this Privacy Policy or with privacy policies at least as protective as this Privacy Policy.  We may also share your Personal Data if we have your permission to do so.  In all cases, GLASSBOX will attempt to limit the information we provide to that which is reasonably sufficient and necessary.

In addition to the foregoing, we expressly reserve the right to disclose or otherwise allow access to your Personal Data pursuant to a legal requirement or a request, such as a subpoena, search warrant or court order, or in compliance with applicable laws and regulations.  Such disclosure or access may occur with or without notice to you.   We may also disclose the information that we collect where we believe that it is necessary in order to protect the vital interests of any person, or to exercise, establish, or defend our legal rights.

Bottom line, we do not share, distribute, sell or rent any of your Personal Data with/to third parties, except in circumstances expressly described above as well as those other limited situations which are set forth in this Privacy Policy.

 

YOUR PRIVACY RIGHTS and CONTROLLING YOUR PERSONAL DATA

If you wish to access, rectify, erase, restrict, transfer, or object to the use of your information, or if you have any questions in connection with this Privacy Policy or the use of your information, please contact us through one of the methods described below. Further, you can ask us to stop sending you marketing messages at any time by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us directly.  Every email sent by or on the behalf of GLASSBOX includes information as to how you can easily unsubscribe from future communications.  Subject to applicable law (including without limitation, the California Consumer Privacy Act), you have the following rights in relation to your Personal Data:

 

 

For California residents

 

You may exercise your privacy rights by calling our toll free at 1-866-I-OPT-OUT (1-866-467-8688) and entering service code 760# to leave us a message or by writing to us to [email protected]. All other users should use the email address to correspond with us regarding any privacy questions.  Your request must include sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, and that you have the authority to make the request(s) that we’ve received.

 

ENTERPRISE CLIENTS

From time to time, GLASSBOX grants certain of its enterprise clients (“Enterprise Clients” or “Clients”) a license or other rights to GLASSBOX’s proprietary software products and solutions (the “GLASSBOX Solutions”).  Through their use of these GLASSBOX Solutions and/or through other means, enterprise clients of GLASSBOX may get access to, collect and use: (i) End User non-personally identifiable information; and (ii) End User Personal Data.

The GLASSBOX Solutions enable our enterprise clients (the “Enterprise Clients”) to maintain compliance with applicable privacy laws and regulations, assist in the fulfillment of certain  contractual necessity and also to deliver more relevant content to consumers across digital channels, including desktop and mobile channels, by gathering data about those End Users’ visits to, and use of, our enterprise clients’ digital properties. These clients have their own policies that govern how they collect, use, and share data, even when such collection and use may be carried out, directly or indirectly, by using our Services from time to time. Please consult the privacy policies of the websites you visit and apps you use to become familiar with their privacy practices.

Those Enterprise Clients of GLASSBOX which utilize GLASSBOX’s cloud-based Services to collect End User information will upload such information to one of GLASSBOX’s secured cloud servers and will analyze such information via our Services.

We enter into binding agreements with each Enterprise Client that uses our Services, which agreements are intended to comply with all applicable laws and regulations for the processing of their End User data.

By way of clarification, we have no direct relationship with any of our Enterprise Clients’ individual End Users.  Therefore, any such end user of an Enterprise Client who seeks to correct, amend, delete inaccurate Personal Data, or withdraw consent for further use of his/her Personal Data, should direct all queries to the applicable Enterprise Client that he/she deals with directly.

 

WHERE WE STORE END USER INFORMATION

End User Information that is collected via our Services (both Personal Data and non-Personal Data) in accordance with the terms set forth in this Privacy Policy, whether such information is collected directly by GLASSBOX or by any of our Enterprise Clients, may be maintained, processed and stored by GLASSBOX and our authorized affiliates and service providers in the United States, in the EU and in any other jurisdiction as deemed strictly necessary for the proper delivery of our Services and/or as may be required by applicable law.  While data protection laws differ from jurisdiction to jurisdiction, please know that GLASSBOX is fully committed to keeping and protecting your information in a safe and secure manner based on this Privacy Policy and industry standards.

SOCIAL MEDIA WIDGETS

Our Services incorporate Social Media features, such as the Facebook Like button. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social Media features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

BUSINESS TRANSFERS

Information collected from End Users of the GLASSBOX Services, including End User Personal Data, may be transferred as part of or in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our shares or stock and/or assets or other corporate change, including, during the course of any due diligence process.  By making available your data through the Services in any manner, you agree that your information may be transferred to third parties under such or similar circumstances.

In addition to the foregoing, we reserve the right, at our sole discretion, to assign this Privacy Policy and/or any rights hereunder, to any third party without providing any prior notice thereof. In the event of any such assignment, the provisions set forth in this Privacy Policy shall fully apply to any successor or assignee, mutatis mutandis.

COOKIES

We use session identifiers, web beacons, cookies, JavaScript tags, and other tracking technologies.  A cookie is a piece of data stored on an End User’s hard drive containing information about the End User.  We use these technologies to enhance the End User experience of our Services, and as a result, these technologies may be deployed by GLASSBOX in any portion of the GLASSBOX Services. Usually an Internet browser is set by default to accept cookies. If an End User rejects the cookie, he/she may still use our Services, though certain features, tools and applications may be disabled or otherwise unavailable. We may also use cookies to track and monitor usage of the Services by End Users for the marketing and quality improvement purposes. Most browsers will allow you to erase cookies from your computer/device hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. We may use JavaScript tags to trigger a sequence of events that includes viewing a first-party cookie (or setting that cookie if it does not already exist) and to help us tailor and optimize our GLASSBOX Services for both our End Users and enterprise clients. For more details on our use of cookies please read our Cookie Policy.

In addition to the foregoing, GLASSBOX reserves the right to use the Google AdWords Remarketing Service (the “Google Service”) for advertising purposes. By using the Google Service, visitors of those sites, apps and other digital properties belonging to GLASSBOX’s Enterprise Clients may see advertisements in third parties’ websites (including, without limitation on Google’s search results page or a site in the Google Display Network). Any data collected by GLASSBOX using the Google Service will be subject to both this Privacy Policy as well as Google’s Privacy Policy.

E-MAIL COMMUNICATIONS

At any time, you have the ability to opt out of receiving marketing communications from GLASSBOX, but you may not opt out of administrative emails. You can opt out by either changing your e-mail preferences or using the link provided at the bottom of each email message or through any other means that is made available to you.

We do not send emails to anyone without a legitimate legal basis to do so, such as to address contractual necessity and legal obligations or on the basis of consent (where consent may have been given to us and/or one of our enterprise clients), and we do not sell or rent email addresses to any unauthorized third party. This does not mean that we can prevent spam from happening on the Internet. If you believe that you have received an unsolicited email from us, please contact us at the e-mail below and we will investigate.

LINKS

Our Site may have links to the sites of other companies, including those of our enterprise clients. We are not responsible for their privacy practices. We encourage you to learn about the privacy policies of those companies by visiting their respective websites, apps, etc.

POLICY TOWARDS CHILDREN

 

GLASSBOX does not knowingly collect personal information from minors who are under the age of 16 through its Site and/or the Services. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without the parent’s/guardian’s consent, then he or she should contact GLASSBOX as described hereunder. If we become aware that a child under the age of 16 has provided us with Personal Data, we will delete such information from our files. Further, the Children’s Online Privacy Protection Act (“COPPA”) requires parental consent for collection of data from children younger than the age of 13 years old. For tips on protecting children’s privacy online, generally, please view the U.S. Federal Trade Commission (“FTC”) website at http://www.ftc.gov/privacy/privacyinitiatives/childrens.html.

SECURITY

We follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and once we receive it. However, due to the nature of Internet communications and evolving technologies, unauthorized entry or use, hardware or software failure, and other factors, the security of End User information may be compromised at any time. No method of transmission over the Internet, or method of electronic storage, is 100% secure.

Therefore, we cannot guarantee the absolute security of Personal Data and disclaim any assurance that such information will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.

CALIFORNIA PRIVACY RIGHTS

If an End User is a California resident, California Civil Code Section 1798.83(c)(2) permits such individual to request information regarding the disclosure of his/her information by GLASSBOX to third parties for such third parties’ direct marketing purposes. To make such a request, please send us an email to [email protected].

CHANGES AND CONSENT TO PRIVACY POLICY

BY USING OUR SERVICES, WHETHER KNOWINGLY OR OTHERWISE, AND IN ANY MANNER OR CAPACITY, YOU AGREE TO THE TERMS OF THIS PRIVACY POLICY. WE RESERVE THE RIGHT TO CHANGE THE PROVISIONS OF THE PRIVACY POLICY FROM TIME TO TIME, AND THEREFORE, YOU ARE ADVISED TO CHECK BACK REGULARLY. YOUR CONTINUED USE OF THE SERVICES, WHETHER IN WHOLE OR IN PART, AFTER ANY CHANGE TO THE POLICY HAS BEEN POSTED CONSTITUTES YOUR ACCEPTANCE OF THIS PRIVACY POLICY. IF THE REVISED VERSION OF THIS PRIVACY POLICY INCLUDES SUBSTANTIAL AND MATERIAL CHANGES, WE WILL PROVIDE YOU WITH 30 DAYS PRIOR NOTICE VIA ANY OF THE COMMUNICATION MEANS AVAILABLE TO US, OR BY POSTING NOTICE OF THE CHANGE(S) ON OUR SITE.  AFTER THIS 30-DAY NOTICE PERIOD EXPIRES, ALL AMENDMENTS TO THIS PRIVACY POLICY SHALL BE DEEMED ACCEPTED AND EFFECTIVE ON BOTH YOU AND GLASSBOX.

RESOLVING DISPUTES; COMMUNICATING WITH US

We strive to respond to all End User requests as quickly as practicable.  If you feel that your request has not been addressed in a timely manner after sending an email to the above-referenced email address, you may send an email directly to our Privacy and Compliance Officer at the following address: [email protected].

Although we will endeavor to resolve all disputes arising between an End User and GLASSBOX in an amicable and expeditious manner, End Users may invoke binding arbitration when other dispute resolution procedures have been exhausted.  Under those circumstances, GLASSBOX’s exclusive means of resolving individual privacy complaints is through JAMS (https://www.jamsadr.com/), an alternative dispute resolution provider.  Any such proceedings shall be conducted in JAMS’ NY-based offices (NY Times Building, 620 8th Avenue, New York, NY 10018).  Judgement on the award rendered in any such arbitration may be entered in any court having jurisdiction.

 

Last updated: January 2020