Chart.io complies with the EU-US Privacy Shield framework as set forth by the United States (US) Department of Commerce regarding the processing of personal information transferred from the European Union (EU) plus Iceland, Liechtenstein and Norway, to the US. Chart.io has certified to the US Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the EU-US Privacy Shield framework, and to view our certification, please visit www.privacyshield.gov. If there is any conflict between the terms in this EU-US Privacy Shield Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
This EU-US Privacy Shield Statement applies to all Personal Data (defined below) that is received by Chart.io in the US from the EEA. Chart.io commits to comply with the Privacy Shield Principles in respect of such Personal Data.
- "Customer" or "Customers" means Chart.io's business customers that use the Services.
- "EU-US Privacy Shield Statement" means this EU-US Privacy Shield Statement.
- "Personal Data" means any information relating to an identified or identifiable individual, recorded in any form.
- "Privacy Shield Principles" means the principles issued by the US Department of Commerce and contained in Annex II to the European Commission’s decision of July 12, 2016 on the adequacy of the protection provided by the EU-US Privacy Shield.
- "Services" means the business analytics services and related technologies for monitoring internal and external data sources, provided by Chart.io in accordance with the Terms of Service accessible at https://chartio.com/legal/terms.
- "Site" means our website accessible at https://chartio.com.
Types of Personal Data Collected
When you interact with us through our Services, we may collect Personal Data and other information from you, as further described below:
1. Personal Data That You Provide Through the Services:
We collect Personal Data from you when you voluntarily provide such information, such as when you contact us with inquiries, respond to one of our surveys, register for access to the Services or use certain Services.
2. Personal Data That We Receive From Our Customers:
In addition to our own data processing involving Personal Data, Charto.io may process certain Customer data at the direction of our Customers which may potentially include Personal Data. Chart.io may cache this data and various aggregations and transformation (charts, graphs, maps, tables, dashboards, etc.) as part of normal operations as covered by our Terms of Service. In such instances, Chart.io is acting as the data processor on behalf, and pursuant to the instructions, of our Customers, who act as the data controller (an entity that determines the purposes and means for processing personal data). If you have any questions about our processing of this information, you are advised to contact the Chart.io's Customer who has directed us to process the particular information.
3. Other Information:
Non-Identifiable Data: When you interact with Chart.io through the Services, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. Chart.io may store such information itself or such information may be included in databases owned and maintained by Chart.io affiliates, agents or service providers. The Services may use such information and pool it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors' Internet service providers. It is important to note that no Personal Data is available or used in this process.
Aggregated Personal Data: In an ongoing effort to better understand and serve the users of the Services, Chart.io often conducts research on its Customer demographics, interests and behavior based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis.
We use third party retargeting services, including AdRoll, which track users across web sites. Except for geo-location data (based on IP address), we do not provide these services with any Personal Data. If you do not wish to have this information used for the purpose of serving you targeted advertisements, you may opt out by visiting the following portals: https://www.networkadvertising.org/choices and https://www.youronlinechoices.eu. Please note that opting out of targeted advertisement does not opt you out of being served advertising altogether. You will continue to receive generic advertisements.
Our Use of Your Personal Data and Other Information:
Our Disclosure of Your Personal Data and Other Information:
Chart.io may disclose Personal Data to third-party service providers (such as providers of customer and lead management services, email communication and customer support services) and subcontractors (such as providers of compute and storage resources) who perform certain services or provide certain solutions on our behalf and under our instructions as necessary in connection with the performance of requested services or solutions. Chart.io maintains contracts with these third parties restricting their access, use and disclosure of Personal Data in compliance with the Privacy Shield Principles.
Chart.io may also disclose Personal Data as necessary in connection with the sale or transfer of all or part of its business.
Chart.io may also disclose Personal Data as required or permitted by law, or when Chart.io believes that disclosure is necessary to protect its rights or to comply with a judicial proceeding, a court order, a law enforcement request, or other legal process, or lawful requests by public authorities, including to meet national security or law enforcement requirements.
In addition to the above, we may share Personal Data about you with others to the extent you consent to such sharing.
Chart.io will offer individuals the opportunity to choose (opt out) whether their Personal Data is (a) to be disclosed to third parties, except when disclosure is made to a third party that is acting as an agent to perform task(s) on our behalf and under our instructions or (b) to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by the individual. Chart.io will provide individuals with clear, conspicuous and readily available mechanisms to exercise their choices should applicable circumstances arise. In order to request that Chart.io not use an individual's Personal Data, such individual should contact Chart.io by email at: firstname.lastname@example.org. Individuals may also opt out of receiving marketing messages from Chart.io by notifying Chart.io at: email@example.com.
Data Integrity and Purpose Limitation:
Consistent with the Privacy Shield Principles, we will limit collection of Personal Data to the information that is relevant for the purposes of processing and we will not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. To the extent necessary for those purposes, we will also take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete and current. We will adhere to the Privacy Shield Principles for as long as we retain Personal Data about you.
Accountability for Onward Transfer:
Pursuant to the Privacy Shield Principles, Chart.io remains accountable for Personal Data that it receives under the Privacy Shield and subsequently transfers to a third party agent. In particular, Chart.io remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless Chart.io proves that it is not responsible for the event giving rise to the damage.
We are committed to securing all Personal Data provided to us. We have deployed and maintain reasonable and appropriate process and technology measures to provide reasonable assurance that your Personal Data is secured against loss, misuse and unauthorized access, disclosure, alteration and destruction.
Upon request, Chart.io will grant individuals reasonable access to Personal Data that it holds about them. In addition, Chart.io will take reasonable steps to permit individuals to correct, amend, or delete information where it is inaccurate, or has been processed in violation of the Privacy Shield Principles.
Chart.io will process all reasonable requests for access within a reasonable time period, but reserves the right to restrict access in cases where the legitimate rights of persons other than the individual would be violated or where the burden or cost of providing access would be disproportionate to the risks to the individual's privacy.
We have deployed internal processes to monitor our compliance with this EU-US Privacy Shield Statement and to address all questions or complaints. We encourage you to raise any concerns or complaints directly with us by contacting us at firstname.lastname@example.org. Chart.io will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this EU-US Privacy Shield Statement. For complaints that cannot be resolved through Chart.io's internal process, Chart.io has further committed to refer such complaints to the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR/AAA) for mediation and then if necessary, to binding arbitration for final resolution, at no cost to you. Information about ICDR/AAA services can be found at its website: https://info.adr.org/safeharbor.
If a complaint cannot be resolved by any of the mechanisms described above, you also have a right, under certain conditions, to invoke binding arbitration under the Privacy Shield Panel in compliance with the EU-US Privacy Shield Principles. If you want to initiate this arbitration procedure, you are required to first formally notify us of your intention to do so by writing to email@example.com. Please remember to include a summary of the steps you have already taken to resolve your complaint and a description of the alleged violation.
With respect to Personal Data received or transferred pursuant to the Privacy Shield framework, Chart.io is subject to the regulatory enforcement powers of the US Federal Trade Commission.
If you have any questions, comments or concerns about our privacy practices, please contact us at Chart.io, Inc., 222 Kearny Street, Suite 525 San Francisco, CA 94108 or at firstname.lastname@example.org.