Version

Date: 20.05.2020 (prev: 29.11.2019)

Introduction

This Document describes and explains how cux.io (CUX, “We”, “Us”, “Our”, “Service”) collects and processes personal data, the purposes for processing and how we protect it. It applies to:
end-users (“End Users”) of Our Customers’ websites (“Customer Website(s)”) of Our Customers (“Our Customers”) – End Users section of this policy applies
visitors (“Visitors”) of all our owned domains and operated websites and its subdomains – Visitors section of this policy applies
Please do not hesitate to contact us with any questions or issues you may have.

Who we are?

We are a company registered under the name CUX Research Sp. z o. o. having its registered address situated at Robotnicza 42A, 53-608 Wrocław, Poland REGON: 383714872, VAT ID: PL8943142798, KRS: 0000792391. CUX complies with The Act of Personal Data Protection of Poland, (‘Applicable Law’), which transposes all the relevant European Union directives relating to data protection.

What we do?

CUX is a software as a service that analyse and visualise websites’ users behaviour. It helps our Customers out to understand how and why users behave in way they do. We are delivering custom code snippet for each domain submitted to CUX by our Customer. This will allows us to connect browser of End User to our servers. Connection is always established directly after webpage is fully loaded and rendered end will be closed when user closes browser tab or internet connection will be interrupted. Every single connection is established using SSL encryption with subdomains of .track.cux.io pointing to our servers in Roubaix, France (EU) or St. Ghislain, Belgium (EU).

What we collect?

We are collecting several different informations from End User browser. Data we collect are necessary to visualise users behaviour and they are not excessive.
The information collected and processed includes:
Device specific data
device’s IP address (we set the last two octets of IPv4 addresses to 0 and we strip last 64 bits of IPv6 to ensure the full IP address is never written to our storage or cache)
device screen resolution
browser viewport
browser color depth
screen orientation
device type (unique device identifiers), operating system, and browser type
geographic location (country only) based on anonymised IP
preferred language used to display site
User interactions
Pointer events (movements, location, clicks, taps, swipes, gestures)
Keypresses (anonymised to the representation of key type like char, number, special)
Website data
referring URL and domain
pages visited
tabs opened and visited
duration of the tab being focused
date, time and timezone when website pages were accessed.
Storage
cookies
local storage
session storage
We are using several storage engines on End User browser to collect non-personal information including standard internet log information and behavioural metadata. This helps us to provide a better experience, identify preferences, diagnose technical problems, analyse trends and improve our services.

How we secure data?

We implemented various measures to ensure that the information is adequately protected against unauthorised access, use, disclosure, and destruction. Please keep in mind that risk can never be eliminated but can be significantly mitigated and reduced. CUX shall not be held liable by any Third Party, including our Customers and Visitors, in any event of unauthorised access, use and/or disclosure of information provided that such is not due to Gross Negligence, willful misconduct, fraud or bad faith by us.
What we did to significantly reduce the risk:
access to the data stored on our servers are restricted to a limited number of employees and to users designated on our Customer’s accounts and Third Parties who can access the information only in specific and limited circumstances and are bound by confidentiality;
our servers are protected by:
firewalls – a barrier between Our trusted, secure internal network and the Internet
IP restrictions, limiting access to whitelisted IPs
services, applications and tools we are using are well known and delivered by trusted providers
data collected from our Customers are stored only on servers related to a restricted area (which we identify as “production”) and can’t be copied to any other environment
each Customer may only access information pertaining to its Customer Website that it is tracking and to the specific End Users visiting such Customers Website;
we use HTTPS for providing secure transfer of data to prevent wiretapping and man-in-the-middle attacks
due to our transparent policy, we are open to give You access to source code of our tracking code for audit purposes

Access and Disclosure

We do not rent or sell any information and data, but we do disclose Your information to a limited set of trusted Third Parties in the situations explained below, for which You, by using our Services, hereby explicitly consent.
We will disclose Your personal information where We are bound to do so, at law or via a court order as well as to meet any legal or regulatory requirements or obligations. We will use all reasonable efforts to ensure that those requirements or obligations are in accordance with Applicable Law;
We reserve the right to disclose Your information to any Third Party if We have reasonable information to believe that the disclosure is necessary for the purpose of an investigation and/or for the enforcement of any breaches of the Terms of Service (if applicable), to detect, prevent or otherwise address fraud, security, technical issues or other irregularities or illegalities, protect the rights and interests as well as the property of CUX;
We may also share aggregated anonymised, non-personal information with the public or with any Third Party for publishing industry trends related to our services.
We may revise this Privacy Policy from time to time. The most current version of the policy, found at app.cux.io/legal/privacy-policy will govern Our use of Your information collected and processed by us. We will provide You with advance notice of the modifications via email to the email associated with Your account and by posting a written notice on Our Site and You hereby agree that this shall constitute adequate notice in this regard. All changes to this Privacy Policy automatically take effect on the sooner of the day You use the Site and/or Services or 30 calendar days after they are initially posted on the Site. Your use of the Site and/or Services following the effective date of any modifications to this Agreement will constitute Your acceptance of the Agreement, as modified.

End User

You may opt-out from our services by turning on Do Not Track functionality in your browser. For more information please visit donottrack.us Our Privacy Policy should always be read in conjunction with the specific privacy policy of the Customer Website which will contain further details regarding the processing of Your personal data by the Customer Website. In addition to the general terms relating to the notices and revisions of this Privacy Policy as explained herein, any changes to the privacy policies regulating the Customer Website shall be notified to You in accordance with our Customers’ respective privacy policies available on the Customer Website.

Visitors

This section of our Privacy Policy explains the details of how we collect information from Your browser and device when you access cux.io (“Our Site”). By visiting Our Site, or by signing up via Our Site, You acknowledge that You accept and consent to Our privacy practices as outlined in this Privacy Policy. In addition to any other personal data referred to in this Privacy Policy, when You sign up and open an account, You are providing us directly with certain information about You. When creating an account or signing up for content or offers, We may ask You to provide Us with your name, email address and details about your organization. We will solely use this information to provide You with the service that You signed-up for. Where We would like to use the contact details You have provided Us with for any other purpose We will inform You and obtain Your consent before proceeding unless otherwise provided for in Applicable Law. For more information as to how to deactivate Your account and/or unsubscribe from receiving content or offers, simply email us at team@cux.io. CUX may obtain contact details for electronic mail in relation to the sale of its Services and may, therefore, use such details for direct marketing of its Services. In all correspondence, You shall have the opportunity to unsubscribe from receiving direct marketing free of charge. You may access a broad range of information about Your interactions with Our Site, including updating of your Account details and information. As a data subject, You may ask us, as the Data Controller, to confirm whether any of Your personal data is being processed. You may deactivate Your account and/or unsubscribe from receiving content or offers from Us at any time, by email us at team@cux.io. Following termination of Your account, we shall retain your personal information for a limited time for customer service issues only. We use a select number of trusted Third Party providers to help us provide Services to You. We only share information with the Third Party that is required for the service they are offering and contractually bind these providers to keep any information We share with them as confidential and to be used only for particular purposes. For example, amongst others, We have providers that process Our credit card transactions, support Our internal ticketing/support system, and manage Our marketing communications. Similarly, it may be necessary to share Your personal information or part of it, with OVH which stores the information within their servers, solely related to the storage facilities. By using CUX, You explicitly consent to and authorise us to sub-contract in this manner. In addition to the general terms relating to the notices and revisions of this Privacy Policy as explained herein, we will notify You of any material changes to this Privacy Policy via email to the email associated to Your account. By continuing to access or use our services after those changes become effective, or not notifying us of Your objection to the changes, You tacitly agree to be bound by the revised Privacy Policy.

Personal data

The Controller of your personal data is CUX Research Sp. z o. o. having its registered address situated at Robotnicza 42A, 53-608 Wrocław, Poland REGON: 383714872, VAT ID: PL8943142798, KRS: 0000792391 We will process your personal data to deliver services provided under the Agreement on the provision of services by electronic means, which provides a basis for processing of your personal data by Us. If you have also voluntarily consented to receive marketing and commercial information from us, we will be processing your personal data also for this purpose. Please be advised that under the Agreement concluded with Us, you are contractually obliged to provide the following personal data (this also being a prerequisite for providing our services):
email address, password, name
company data and address.
The provision of data for the purpose of pursuing legitimate interests of CUX is voluntary, yet necessary for the performance of the Agreement.
We will continue to process your personal data until cooperation has been concluded, that is, upon termination of the Agreement and once CUX determines that a client has no payment claims towards CUX (until CUX’s entitlements are collected through a recovery procedure and completed legal proceedings resulting in a final and legally valid court decision). As regards the data we process based on the legitimate interests pursued by CUX and based on the consent you have expressed – until the moment you notify objection. You have the right to request access to your personal data and order their rectification, erasure or restriction of processing. You also have the right to object to the processing of your personal data by CUX, as well as the right to transfer your personal data. If we are also processing your data under Article 6(1)(a) of the GDPR, that is, if you have given your consent to receiving marketing and commercial information, you have the right to withdraw this consent at any time. The processing of personal data by CUX is lawful from the moment consent has been expressed until it is withdrawn, which shall be the moment when such information has reached CUX. After the completion of the processing for the original purpose, data will not be processed for any other purpose. If you would like to exercise your rights referred to above, please email us at team@cux.io.

Third Parties

OVH: OVH Sp. z o.o. – stores the information within their servers, solely related to the storage facilities. https://www.ovh.pl/ochrona-danych-osobowych/
OVH: OVH SAS – stores the information within their servers, solely related to the storage facilities. https://www.kimsufi.com/pl/dokumenty/
GCP: Google Cloud Platform – stores the information within their servers, solely related to the storage and computing facilities. https://cloud.google.com/security/privacy
HubSpot: HubSpot, Inc. – marketing and sales processes. https://legal.hubspot.com/privacy-policy
PayLane Sp. z o.o – (Norwida 4, 80-280 Gdańsk, Poland, company number: 0000227278) – in order to process payments – https://paylane.pl/dokumenty-prawne/polityka-prywatnosci/
Google Analytics – measure and analyse traffic on our website and app. https://policies.google.com/privacy

Notices and Revisions to Privacy Policy

If You have any concerns about Your privacy, You are kindly requested to forward an email to us at team@cux.io containing a detailed description of Your concerns. We will do our best to resolve such issues within a reasonable time.

Governing Law and Dispute Resolution

This Privacy Policy forms an integral part of Our Terms of Service. The Governing Law and Dispute Resolution mechanism found in Our Terms of Service shall also apply to Our Privacy Policy.

Further Information

If you have any questions about our Privacy Policy or our privacy practices, please email to us at team@cux.io