Effective May 24th, 2019
This policy explains our privacy practices for the personal data that we process and hold as a result of our business customers’ use of our cloud-based software platform, the Centercode Platform, to manage their testing programs for their products and services. When we refer to Centercode, “we,” “our” or “us” in this policy, we are referring to Centercode, Inc., a California corporation.
Because our customers’ testing programs (known as “Customer Validation” programs) involve their collection of personal data, we hold and process this personal data on behalf of these customers. Above all, our goal is to help our customers run exceptional Customer Validation programs and to fully comply with applicable privacy laws.
To simplify this policy for our audience, we’ve split it into two parts. The first section is intended to highlight key terms and provide a highlight of our privacy practices for the personal data of our customers’ end users. The second section provides the comprehensive details.
We comply with, and are passionate about, this entire policy, and would encourage you to take your time in reviewing it. If you have any questions, please don’t hesitate to reach out to us.
If you do not agree to the terms of this policy, you should not use the Centercode Platform or submit personal data or other content to the Centercode Platform. By using the Centercode Platform and/or providing data to it, you are accepting and agreeing to the practices outlined in this policy.
- A Centercode Customer is a Centercode business customer that uses our services.
- A Centercode Platform Implementation is a Centercode Customer’s unique instance of the Centercode Platform accessible via a unique web address. A wide variety of companies use the Centercode Platform to execute tests of new products and services and to build communities of individuals interested in participating in these tests.
- Customer Data is the information our customers collect using their Centercode Platform Implementations. We call this information Customer Data because our Centercode Customer owns and controls this data. Customer Data includes personal data, such as account information (e.g. name, email) and demographic information (e.g. gender, age) that you provide when you create and update your account and profile. It also includes other data, such as information about the kinds of devices you use and the feedback you provide when you participate in a particular test, such as bug reports, feature suggestions, file uploads, and survey responses.
- An Authorized User is an end user of the Centercode Platform who has been authorized by a Centercode Customer to access its Centercode Platform Implementation.
- The Centercode Customer decides what personal and other information it asks for and collects from or about you using its Implementation, from account and profile creation, to community questionnaires and Customer Validation tests.
- The Centercode Customer controls how it configures its Implementation within the parameters available in the Centercode Platform.
- The Centercode Customer decides what third-party systems it integrates with and into its Implementation and/or what additional cookies or tracking technologies it incorporates into its Implementation and communications sent from its Implementation. These third party systems and technologies typically involve the sharing of data with other systems or providers.
- The Centercode Customer decides how it uses and shares the Customer Data it collects, including your personal data in its Implementation, and decides its retention policies and practices for this Customer Data. You should review the privacy notice or policy of the Centercode Customer.
- We hold and process Customer Data provided by an Authorized User (including personal data) on behalf of our Centercode Customer and in accordance with our agreement with, and instructions from, the Centercode Customer.
- In addition to processing Customer Data, the Centercode Platform passively collects other information, including IP address. We collect this information using mandatory session cookies and through system logging, and it provides information about your visitation to Centercode Platform Implementations. We use this information in furtherance of our legitimate interests in operating our services and business, including support, security, as required by law or to comply with legal process, for compliance investigations, and for audits, and use it in anonymous or aggregated form to develop and enhance our products and services, identify trends, and for other internal business purposes.
- If you, as an Authorized User of a Centercode Customer, would like to remove your account from a Centercode Customer’s Implementation or have another request related to your personal data that is Customer Data, you should contact the Centercode Customer that operates the Implementation for any requests beyond support using the functionalities available within the Implementation to remove or update your account information. If you are unable to contact the Centercode Customer controlling the Implementation, you may contact us at firstname.lastname@example.org for assistance.
Table of Contents
- The Customer Data We Process
- What This Means for End Users
- How Centercode Uses and Shares Customer Data
- Location of Centercode Customer Data; Third-Party Sub-Processors
- Security of Centercode Customer Data
- Other Information – Cookies and Log Data on the Centercode Platform
- Retention of Centercode Customer Data and Other Information
- Centercode Platform Use Requirements
- Links to Third-Party Sites
- Changes to This Policy
- European Personal Data and International Data Transfers
- “Controller” and “Processor”
- Personal Data Requests
- Questions or Concerns?
Centercode maintains separate privacy policies that describe its privacy practices with respect to personal data collected outside of Centercode Customers’ Implementations.
Centercode Customers have separate agreements with us that govern their services (“Customer Contracts”). The Customer Contract permits the Centercode Customer to create and configure its Centercode Platform Implementation so that its Authorized Users can join and access its Implementation. The Customer Contract contains our commitment to deliver the services to our Centercode Customer, which then can allow Authorized Users to access the Services. This policy is not intended to limit or modify any obligation we have to our Centercode Customer under the Customer Contract.
The Customer Data We Process
While the Customer Contract governs exactly what information is Customer Data, in general, Customer Data is information collected by the Centercode Customer from its Authorized Users using its Centercode Platform Implementation. The Centercode Customer’s Authorized Users regularly submit information to the Centercode Customer’s Implementation. The Authorized User would create an account and profile on the Centercode Customer’s Implementation as a member of the Centercode Customer’s test participant community or as a participant on its test(s). This Authorized User might also submit information like bug reports, feature suggestions, file uploads, survey responses, and similar information when applying for or participating in a test conducted on the Centercode Platform. The Centercode Customer owns and controls its Customer Data, including personal data that is part of the Customer Data.
What This Means for End Users
The Centercode Customer ultimately determines who its Authorized Users are and what information it collects from its Authorized Users using Centercode’s services, even where the Centercode Customer hires Centercode staff to perform managed Customer Validation services on its behalf. The Centercode Customer configures (or directs the configuration of) its Implementation of the Centercode Platform, including which third-party applications or technologies it might incorporate into its use of the Centercode Platform (via API, third party cookies, or otherwise) and the third-party applications to which it transfers Customer Data or from which it collects and imports Customer Data into the Centercode Platform.
The Centercode Platform provides different ways for the Centercode Customer to allow for collaboration and community spaces within its Centercode Platform Implementation. These features may display your full name, username, or other information that you provide to other Authorized Users.
The Centercode Customer is responsible for its configuration and use of its Implementation, and as the owner and controller of its Customer Data, is responsible for any required user consent or privacy disclosures.
How Centercode Uses and Shares Customer Data
We collect, hold, use, and share Customer Data as needed to provide the services to our Centercode Customer in accordance with the instructions of the Centercode Customer, including the terms in the Customer Contract and through its use of the functionalities of Centercode’s services, and as required by applicable law, legal process, or regulation. We also use it to respond to requests, comments, and questions by Authorized Users, to send emails and other communications to Authorized Users relating to service, technical, and administrative matters, such as security notices and updates about changes to our policies, and to investigate and help prevent security issues.
Location of Centercode Customer Data; Third-Party Sub-Processors
The Customer Data is located in the United States (unless the Customer Contract designates another location). We describe our third-party sub-processors here. We do not control the country or countries to which any Centercode Customer transfers the Customer Data. The United States and such other countries may not offer the same legal protections offered in your country of residence and may be considered by your country to offer insufficient legal protections.
Security of Centercode Customer Data
We maintain a written security policy for the security, integrity, and protection of the Customer Data against unauthorized disclosure or loss. We have physical, technical, and organizational processes and measures in place designed to safeguard this data. When accessing the Centercode Platform via a supported web browser, Transport Layer Security (SSL/TLS) is used to protect information using both server authentication and data encryption to help ensure the data is safe and secure in transit. Data stored on the Centercode Platform is encrypted at rest using AES-256.
We host the Centercode Platform on cloud-based servers located in a secure data center environment using a firewall and other advanced technology designed to prevent interference or access from outside intruders. The Centercode Platform requires verified email addresses, unique usernames, and strong passwords for account authentication.
Other Information – Cookies and Log Data on the Centercode Platform
In addition to Customer Data, we collect the following cookies and log data (“Other Information”) automatically when you access and use the services. When you access your account on the Centercode Platform, the platform uses mandatory session cookies to grant you access to, and secure, your account. These cookies allow the Centercode Platform to uniquely identify you following the entry of your username and password so that you can access your account. Session cookies are required in order to use the Centercode Platform.
In addition, when you log into an account, our servers automatically log typical HTTP information, including your Internet Protocol (IP) address, a unique device identifier (a UUID), your device name, operating system type and version, network type, country of origin, account use information (e.g. the pages viewed, the links clicked, the dates and times of requests and referral URL, and other actions taken), error messages received, problems encountered, and similar data.
We use Other Information in furtherance of our legitimate interests in operating our services and business. More specifically, we may use it to provide services and customer support, including for user authentication, user support, service security and performance, fraud monitoring and prevention, and security audits. We also use Other Information as required by applicable law, legal process, or regulation. Where requested by the Centercode Customer, we may share log data with Centercode Customers for audit, compliance, investigations, and customer support purposes. We also use Other Information, such as de-identified and aggregated log data gathered about the general use of our services, for internal business purposes, such as developing and enhancing our products and services, identifying usage trends, and for other legitimate business purposes.
A Centercode Customer has the ability to configure its Centercode Platform Implementation and emails that come from its Implementation to add additional cookies or institute other methods of passive information collection or tracking technologies, such as web beacons, clear gifs, and similar technologies. The Centercode Customer is responsible for its use of these technologies and is responsible for any required privacy disclosures.
The Centercode Platform currently does not respond to “Do Not Track” browser signals.
Retention of Centercode Customer Data and Other Information
We will retain Customer Data in accordance with the instructions of our Centercode Customer, including in the Customer Contract, and as required by applicable law. Deleted or updated Customer Data stored in our backup systems will be automatically deleted or updated within a reasonable period of time during Centercode’s backup procedures, except as otherwise required by applicable law.
We may retain Other Information for as long as necessary for the purposes described in this policy. This can include keeping Other Information after a Centercode Customer has deactivated its account and/or after you have removed your account for the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce agreements.
Centercode Platform Use Requirements
Links to Third-Party Sites
The Centercode Customer’s Implementation and emails that come from the Implementation may contain links to our Centercode Customer’s other websites and websites of other third parties on the Internet. We encourage you to review the privacy policies of such third parties. Please note that we are not responsible for the privacy policies and personal data collection, use, and disclosure practices (including the data security practices) of these third parties, including Centercode Customers.
Changes to This Policy
We reserve the right to change this policy. If we make changes to it, you will find the revised policy posted here, along with the effective date of the revised policy. Your use of and access to the Centercode Platform after any changes become effective will be considered your acceptance of those changes and will constitute your agreement to be bound by the new or modified policy.
European Personal Data and International Data Transfers
Where a Centercode Customer is processing personal data that is subject to the EU General Data Protection Regulation (the “GDPR”) using its Implementation, we offer the Centercode Customer a Data Processing Addendum that it can execute that includes standard contractual data protection clauses for the cross-border transfer of personal data from the European Union, the European Economic Area, Switzerland, and the United Kingdom to the United States. The Centercode Customer determines its Authorized Users and therefore it is the Centercode Customer’s obligation to enter into the Data Processing Addendum (or an appropriate data processing addendum including standard contractual data protection clauses) with Centercode. Centercode Customers whose data collection practices are subject to the GDPR can find more information on our GDPR and Centercode page.
“Controller” and “Processor”
In certain jurisdictions, data protection law (including the GDPR) differentiates between the “data controller” and the “data processor” of personal data. Each Centercode Customer, as the owner of its Customer Data, is the “data controller” with respect to its Customer Data. The Centercode Customer determines its own data privacy policies and practices for its Implementation of the Centercode Platform and for the Customer Data. We are the “data processor” with respect to the Centercode Customer Data and the “data controller” with respect to Other Information.
Personal Data Requests
Individuals residing in certain localities, including the European Union, the European Economic Area, Switzerland, and the United Kingdom (“European Residents”), have certain statutory rights regarding their personal data. Subject to any exemptions provided by law, these individuals may have the right to request access to their personal data, or seek to update, delete, or correct their personal data. You can use the features available within the Centercode Platform to perform many of these tasks. Where you are unable to do so, you must contact the Centercode Customer for any assistance that you require with your information that is Customer Data.
You may contact us at email@example.com regarding any request relating to Other Information that is personal data and may contact us if you require assistance getting in touch with our Centercode Customer. When you make a request to us, for your protection we may need to verify your identity prior to implementing any request. We will respond to your request promptly, and in no more than 30 days from your request, subject to applicable law.
Any European Resident who is dissatisfied with the handling of a request regarding his or her personal data within the scope of the GDPR has a right to lodge a complaint with his or her local data protection authority responsible for monitoring the application of the GDPR.
Questions or Concerns?