Effective May 25th, 2018
Centercode maintains privacy policies that describe its privacy practices with respect to the personal data that it collects and uses for itself related to its businesses. However, Centercode also collects, holds, and/or processes data on behalf of its business customers in connection with the services it offers. Centercode customers have separate agreements with Centercode that govern their services (“Customer Agreements”), including how Centercode processes personal data, content, files, and other data submitted or collected through Centercode’s services for them.
Centercode refers to business customers using the Centercode Platform as “Centercode Customers”. This includes both SaaS and Managed Service customers of Centercode. The information that it processes on behalf of a business customer is “Centercode Customer Data” because as between Centercode and its customer, this data is owned and controlled by the customer.
What is Centercode Customer Data
While the Customer Agreement governs exactly what information is owned by our customer, in general, Centercode Customer Data is information collected by or on behalf of Centercode’s customer using the Centercode Platform. For example, where a Centercode Customer has a subscription to its own implementation of the Centercode Platform, the customer’s authorized users regularly submit information to the Centercode Platform. The customer’s user might create an account and profile as a member of the customer’s test participant community through the Centercode Platform. This user might also submit information like bug reports, feature suggestions, file uploads, survey responses, and similar information when applying for or participating in a test conducted on the Centercode Platform (“Test Feedback”).
The Centercode Customer determines who its authorized users are and which information it collects using Centercode’s services. The Centercode Customer configures its implementation of the Centercode Platform, including which third-party applications or technologies it might incorporate into their use of the Centercode Platform (via API or otherwise). The information collected by the Centercode Customer in the Centercode Platform is Centercode Customer Data.
In addition, some Centercode Customers hire Centercode to perform managed Customer Validation services. The Test Feedback that Centercode collects from end users once they apply for, or while participating in, a test that Centercode is managing for its customer is also Centercode Customer Data.
European Personal Data Within Centercode Customer Data
Centercode offers a Data Processing Addendum to its customers subject to the EU General Data Protection Regulation (the “GDPR”), including those that collect Personal Data from users residing in the European Union or the European Economic Area or Switzerland. Customers whose data collection practices are subject to the GDPR can find more information on our GDPR and Centercode page.
“Controller” and “Processor”
Each Centercode Customer, as the owner of its Centercode Customer Data, is the “data controller” with respect to its Centercode Customer Data. The Centercode Customer determines its own data privacy policies and practices for the Centercode Customer Data. Centercode collects, holds, and uses this data as needed to provide services to its customer in accordance with its customer’s instructions, including the terms in the Customer Agreement and the customer’s use of the functionalities of Centercode’s services, and as required by applicable law. Centercode is the “data processor” with respect to the Centercode Customer Data.
Location of Centercode Customer Data
The cloud servers hosting the Centercode Platform are located in the United States, where Centercode is located, unless the Customer Agreement designates that the data is to be held in another country. Centercode does not control the country or countries to which any customer transfers the Centercode Customer Data that it removes from the Centercode Platform. The United States and these other countries may not offer the same legal protections offered in a particular user’s country of residence and may be considered by the user’s country to offer insufficient legal protections. Centercode’s Data Processing Addendum includes standard contractual data protection clauses for the cross-border transfer of personal data by the customer from the European Union, the European Economic Area, and Switzerland to the United States.
Security of Centercode Customer Data
Centercode maintains a written security policy for the security, integrity, and protection of the Centercode Customer Data against unauthorized disclosure or loss. Centercode has physical, technical, and organizational processes and measures in place designed to safeguard this data. When accessing the Centercode Platform (including for tests Centercode is conducting for the customer using its Betabound portal) via a supported web browser, Transport Layer Security (SSL/TLS) is used to protect information using both server authentication and data encryption to help ensure the data is safe and secure in transit.
Centercode hosts the Centercode Platform (including the Betabound portal) on cloud-based servers located in a secure data center environment using a firewall and other advanced technology designed to prevent interference or access from outside intruders. The Centercode Platform requires verified email addresses, unique usernames, and strong passwords for account authentication.
Cookies and Log Data on the Centercode Platform
When accessing an account on the Centercode Platform, the platform uses mandatory session cookies to grant users access to, and secure, the user’s account. These cookies allow the Centercode Platform to uniquely identify the user following the entry of the username and password so that the user can access his or her account. Session cookies are required in order to use the Centercode Platform (including the Betabound portal).
In addition, when a Centercode Platform user logs into an account, Centercode’s servers automatically log typical HTTP information, including the user’s Internet Protocol (IP) address, a unique device identifier (a UUID), the user’s device name, operating system type and version, network type, country of origin, account use information (e.g. the pages viewed, the links clicked, the dates and times of requests and referral URL, and other actions taken), error messages received, problems encountered, and similar data.
Centercode uses this information to provide its services and customer support, including for user authentication, user support, service security and performance, fraud monitoring and prevention, and security audits. Where requested by its customer, Centercode may share relevant log data with its customers for audit, compliance, investigations, and customer support purposes. Centercode also uses de-identified and aggregated log data gathered about the general use of its services for internal business purposes, such as developing and enhancing its products and services, identifying usage trends, and for other legitimate business purposes.
The Centercode Platform currently does not respond to “Do Not Track” browser signals.
Requests by End Users About Centercode Customer Data
Individuals residing in the European Union, the European Economic Area, and Switzerland, have certain statutory rights regarding their Personal Data (as defined in the GDPR). Subject to any exemptions provided by law, these individuals may have the right to request access to their Personal Data, or seek to update, delete, or correct Personal Data. Where a customer’s end user makes a request relating to his or her Personal Data that is Centercode Customer Data, this user must contact Centercode’s customer for any assistance it requires with the request.
Retention of Centercode Customer Data
Centercode will retain Centercode Customer Data in accordance with its customer’s instructions, including in the Customer Agreement, and as required by applicable law. Deleted or updated Centercode Customer Data stored in Centercode’s backup systems will be automatically deleted or updated within a reasonable period of time during Centercode’s backup procedures, except as otherwise required by applicable law.
Questions or Concerns
Alternatively, to communicate with our Data Protection Officer, please email firstname.lastname@example.org, or by mail at 23332 Mill Creek Drive, Suite 260, Laguna Hills, CA 92653 ATTN: DPO, or by phone at (800) 705-6540.