This Privacy and Cookies Policy (“policy”) describes ChartMogul’s commitment to protecting your personal data and respecting your privacy. This policy applies to our customers (including those on free trials), subscribers, website visitors, and applicants (hereinafter referred to as “you”, “your” and “yours”).

The following statements describe who we are, which types of personal data we collect when you use our services, visit our websites, communicate with ChartMogul, and/or apply for a job at ChartMogul, what happens with this personal data, and how you can object to this processing, where applicable. All collection, processing, and use of personal data (“processing”) by ChartMogul is exclusively for the purposes of providing and optimizing the ChartMogul services (“services”), monitoring the function and performance of our websites, supporting our business operations, complying with legal and regulatory obligations, providing customer service, and marketing our services. The services have been designed with the goal of collecting as little personal data as possible to function.

Except as otherwise provided herein, for the purposes of this policy and data protection laws, namely the General Data Protection Regulation (GDPR) (EU) 2016/679 (“GDPR”), we are the data controller, meaning we determine the purpose and means of processing of your personal data. If you have questions about our processing of personal data, you will find our contact information and the contact details for our Data Protection Officer in the section below.

There may be situations when more than one data controller processes your information, such as when you access the ChartMogul website through a widget. In these situations, we act as an independent data controller over our processing activities and make determinations over how data will be processed independently from other data controllers. We are not responsible for the processing of other data controllers, including customers, and you should contact them directly regarding questions about how they process your personal data. If you have questions about our processing of personal data, you will find our contact information and the contact details for our Data Protection Officer in the section below.

Controller

The controller, sometimes referred to as the responsible entity, according to Art. 4 Nr. 7 of the GDPR is: ChartMogul GmbH & Co. KG, ℅ WeWork, Kemperplatz 1, 10785 Berlin, Germany

Appointed Data Protection Officer for ChartMogul GmbH & Co. KG

The appointed data protection officer for EEA and UK is: ePrivacy GmbH, represented by Prof. Dr. Christoph Bauer, Burchardstrasse 14, 20095 Hamburg, Germany

For questions related to data protection, you can contact the appointed data protection officer via email through: privacy@chartmogul.com

Or by post: ePrivacy GmbH, Burchardstrasse 14, 20095 Hamburg, Germany

If you wish to communicate directly with our data protection officer (because you have a particularly sensitive matter for example), please contact them by post, as communication by e-mail could always have security gaps. Please state in your request that your concern relates to the company ChartMogul.

Definitions

When we refer to “personal data,” we mean all particulars related to an identified or identifiable natural person (“data subject”).

When we refer to ChartMogul, “we” or “us”, we mean ChartMogul GmbH & Co. KG. All customers are billed through this entity. ChartMogul Technology Canada Ltd and ChartMogul, LLC are processors of ChartMogul GmbH & Co. KG, providing customer support and North American sales, and recruiting functions, respectively. We may share your personal data with our operating subsidiaries as necessary for the provision of services.

When we refer to “our website(s)” and/or “ChartMogul websites,” we mean any website owned and / or operated by ChartMogul, especially chartmogul.com (including all subdomains) and mogul.io (including all subdomains).

When we refer to “ChartMogul application,” we mean ChartMogul’s product hosted at app.chartmogul.com.

Data Protection Principles

The GDPR sets out the principles which must be complied with by any party handling personal data. ChartMogul will comply with these principles, as detailed in Article 5 of the GDPR;

• Processed lawfully, fairly, and in a transparent manner in relation to the data subject;

• Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes subject to appropriate safeguards, and provided that there is no risk of breaching the privacy of the data subject;

• Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;

• Accurate and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;

• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by GDPR in order to safeguard the rights and freedoms of the data subject;

• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures;

• Article 5(2) states that the controller is responsible for and must be able to demonstrate compliance with the data protection principles

Accountability

The GDPR obliges organizations to demonstrate that their processing activities are compliant with the data protection principles. The principle of accountability seeks to guarantee the enforcement of these principles. We will demonstrate compliance in the following ways:

• by maintaining record schedules which will include details on Personal Data collected, held, or processed in line with Article 30 – ‘Records of Processing Activities’;

• upon request, these records will be disclosed to the relevant lead authority in the applicable jurisdiction.

Legal Basis for Processing Personal Data

In order to process personal data, a lawful ground must exist. A number of permitted grounds for processing are enumerated in Article 6 of the GDPR.

One ground for the processing of personal data is Article 6, Paragraph 1(a) of the GDPR, which is the freely given consent of the data subject to do so. This consent is bound to a particular purpose. For example, we may collect personal data such as your name and email address when you subscribe to our newsletter.

A second ground for the processing of personal data is to fulfill the requirements of a contract, as specified in Article 6, Paragraph 1(b) of the GDPR. Performance of contract is understood to include the initiation of a commercial relationship. This ground applies to ChartMogul when a user completes our contact form or contacts our Customer Success or Sales team using any other means to obtain a non-binding quotation.

Article 6, Paragraph 1(c) of the GDPR permits the processing of personal data where a legal requirement to do so exists.

Article 6, paragraph 1(d) permits the processing of personal data in exceptional circumstances, where doing so is necessary to protect the vital interests of the data subject.

It is also possible that personal data will be processed on the basis of Article 6, paragraph 1(f) of the GDPR. This is the so-called “legitimate interests” ground, which is interpreted with reference to Recital 47 of the GDPR. The GDPR treats this as a “fallback ground”, which only applies where no other previously listed lawful ground for processing applies. When this ground is relied upon, an assessment must carefully weigh the legitimate interests of the data subject against the legitimate interests of the data controller.

What Personal Data We Collect

Unless expressly stated, the provision of your personal data is not required or obligatory. The personal data that we collect about you broadly falls into the categories set out below. Some of this information you provide voluntarily when you interact with ChartMogul services, websites, and/or application. Other types of information may be collected automatically from your device, such as Device and Service Data. From time to time, we may also receive personal data about you from third party service providers (as further described below).

Use of Cookies

In addition to the previously listed data, cookies will be saved on your computer when you use our website. Cookies are small pieces of textual data which are saved on your hard disk by your web browser, through which ChartMogul, who sets the cookie’s contents, can collect certain information about you. Cookies cannot execute any code, nor transfer any viruses to your computer. We use them in order to anonymously or pseudonymously analyze the use of the website and present relevant offers to you.

This website uses the following types of cookies, whose scope and functionality is detailed in the following paragraphs.

• transient cookies (see paragraph 1)
• persistent cookies (see paragraph 2)

1. Transient cookies are automatically deleted when you close your browser. They are used particularly as session cookies. These save a so-called “session ID” which is used to link subsequent requests made by your browser to each other. Through this, your computer can be recognized when you return to our website. These session cookies are deleted, when you log out, or close your browser.

2. Persistent cookies are only deleted after a predetermined duration, which can be different for each cookie. You can delete these persistent cookies anytime, though, in the “Settings” configuration of your browser. We advise you that, if you do so, not all functionality of this website will be available.

Previously set cookies can be deleted through the settings of your browser. You may also be able to prevent the placement of some cookies on your computer through the relevant settings of your internet browser. We advise you that preventing the placement of cookies on your computer can mean that not all functionality of our website is available without limitations. Moreover, due to a lack of industry standard for recognizing Do Not Track browser signals, it’s possible that third party service providers may continue to collect your personal data through cookies.

Click here to view our cookie declaration.

How We Use Your Personal Data

We may collect personal data about our customers users, subscribers, website visitors, and applicants in the following situations for the purposes listed (to the extent applicable):

ChartMogul Websites

When you visit our websites, our server temporarily saves details of your access in its logs. These logs contain the following personal data, which are kept until their automatic deletion:

• Device and Service Data
• Activity Data

The purpose of recording this personal data is to make it possible to serve the website to you (by establishing a TCP/IP connection), to secure our servers, and for the technical administration of our infrastructure as well as the optimisation of our services. Only in the case of unauthorised access or attacks on our infrastructure will your IP address be analyzed. No further information is required from you to access our website, though Cookie Data may be processed in accordance with your selections on our website. See the section below entitled Use of Cookies for more details.

Website Registration

To register on our website, you must enter your details in the “Sign Up” form. These details are processed solely for registration, and not passed to any third parties unless ChartMogul has a lawful basis to do so.

• Contact Data
• Your company’s MRR band (from a predefined list)

In accordance with your cookie selections, and to prevent any potential misuse, we may also process:

• Cookie Data
• Device and Service Data

During or after the registration, you are free to alter your personal data. It is also possible to completely cancel your registration, so that personal data is deleted.

ChartMogul Application

When you trial or subscribe to and use the ChartMogul application, you provide the following data, which is kept until you (1) request its deletion (which may render some services or functions unavailable), (2) unsubscribe and request deletion, or 3) unsubscribe and a set period of time elapses, in accordance with our data retention policy:

• Contact Data
• Account Data
• Billing Data
• Communications Data
• Cookie Data
• Device and Service Data
• Activity Data

The purpose of processing this data is to provide, maintain, promote, and optimize services, communicate with you, process payments, monitor and analyze trends and usage, prevent misuse, personalize our websites and services, and for other purposes for which we obtain your consent.

Newsletter Subscriptions

When you subscribe to our newsletter, you provide the following data, which is kept until you unsubscribe from the newsletter:

• Your email address

The purpose of processing this data is to send newsworthy updates to our subscribers. Please note that you will continue to receive legal notices and other important account information after you unsubscribe from our newsletter.

Marketing Communications

When we have a legitimate interest in contacting you because of a commercial benefit you might obtain from our services, or services offered by our Partners, we may communicate with you. Moreover, when you download gated content from us, or otherwise provide us with a means of contacting you, we may use it to communicate with you. For example, we may send you product updates, information about webinars and podcasts, promotional offers, industry news, or other communications about your use of the services. We may receive confirmation when you open a message from us, which helps us make our communications more interesting and improve our services. If you do not want to receive marketing communications from us, please indicate your preference by using the unsubscribe mechanism provided by the communication. Please note, however, that you will continue to receive legal notices and other important account information after you unsubscribe from our marketing list. When you request gated content from us, you provide the following data, which is kept until you unsubscribe:

• Your email address

The purpose of processing this data is to send marketing updates, promotional offers, and other communications, as well as to improve our services.

Job Applications and Employment

It is possible to apply for jobs at ChartMogul through our online application system hosted by Recruitee (see details below). When you do so, we will process the personal data you send us, and save it to continue the application process.

If the application leads to an employment relationship, the supplied personal data will be retained, according to the requirements of relevant law. Should the application not lead to an offer of employment, the personal data of the applicant will be deleted in accordance with our data retention policy, except when required to comply with §22 of the Allgemeines Gleichbehandlungsgesetz or other applicable law.

The following personal data may be processed to advertise open positions, recruit and communicate with candidates, source and select applicants for open positions, and communicate offers:

• Contact Data
• Professional Data
• Communications Data

Securing Your Data

To secure your data, we have put in place technical, organizational, and personnel procedural measures to safeguard personal data against loss, theft, and unauthorised access, uses, or modifications. These measures meet the requirements of the GDPR, and we require any third party service providers we use to do the same. Security and testing are performed on systems containing personal data to verify and control effectiveness. Security of these systems is monitored continuously.

Your data is only ever saved on secure servers, which may only be accessed by a few authorized personnel. When you use a form on our website to transmit data to us, this transmission is only performed over an encrypted TLS connection.

Deletion of Personal Data

Unless you specifically ask us to delete your personal data, ChartMogul keeps and processes personal data for as long as it is necessary to comply with our data retention requirements, provide you with services, and successfully run our business. However, even if you request a deletion, we may be required to retain your data for as long as necessary to:

1. comply with our legal or regulatory compliance needs (e.g. maintaining records of transactions you have made with us);

2. to exercise, establish or defend legal claims; and/or

3. to protect against fraudulent or abusive activity on our service.

When the purpose of the processing has been fulfilled, your personal data will be deleted in accordance with our data retention policy, unless we are required to retain it. There may be occasions where we are unable to fully delete, anonymize, or de-identify your information due to technical, legal, regulatory compliance, or other operational reasons. Where this is the case, we will take reasonable measures to securely isolate your personal data from any further processing until such time as we are able to delete, anonymize, or de-identify it.

Your Rights

You have the following rights concerning your personal data:

• The right to access your personal data
• The right to correct or delete your personal data
• The right to restrict processing of your personal data
• The right to object to the processing of your personal data
• The right to data portability
• The right to confirm whether your personal data is being processed or not
• The right to withdraw consent at any time where processing is based on consent
• The right to information on the existence of automated decision-making, if any, as well as meaningful information about the logic involved, its significance, and its envisaged consequences
• The right to lodge a complaint with a supervisory authority

If you have given your consent to the processing of your personal data, you can freely withdraw this consent at any time. This will only affect the processing of your personal data after you have withdrawn consent.

Please note that even if you request your personal information to be deleted, certain data may be retained for us to meet our legal or regulatory compliance, exercise, establish, or defend against legal claims, and protect against fraudulent or abusive activity. Personal data retained for these purposes will be handled as described in the section above, entitled Deletion of Personal Data.

Should we continue to process your personal data because we assess our legitimate interests to do so outweigh your legitimate interests (per Article 6, paragraph 1(f) of the GDPR) you may object to this processing. This is only applicable in the case where the processing of personal data is not required for us to fulfill a contract with you. To exercise such an objection, we request that you detail the grounds based on which we should no longer process your personal data. We will check the details of your circumstances based on the grounds you provide, and either stop processing your personal data, or detail to you the legal basis on which we continue to process your personal data.

How You Can Exercise Your Rights

Should you wish to exercise any of these rights, you will need to provide proof of identification that you are the person to whom the personal data relates. When you exercise your right to access, the information you will receive includes the personal data we have related to you, the source of that personal data, the recipients or types of recipients to whom the data was transferred, how long the personal data will be stored, and the purposes for data processing. To exercise any of these rights, please contact our data protection officer named in the beginning of this document either by email: privacy@chartmogul.com, or by post: ePrivacy GmbH, Burchardstrasse 14, 20095 Hamburg, Germany

California Residents

If you are a consumer located in California, we process your personal data in accordance with the California Consumer Privacy Act (CCPA). Any references to personal data in this policy will also mean “personal information” as that term is defined in the CCPA.

How We Collect, Use, and Disclose your Personal Information

The section above entitled What Personal Data We Collect describes the personal data we may have collected about you, including the categories of sources of that information. We collect this information for the purposes described in the section above entitled How We Use Your Personal Data. We share this information as described in the section above entitled Third Party Service Providers. ChartMogul uses cookies, including advertising cookies, as described in the section above, entitled Use of Cookies.

Your CCPA Rights and How to Exercise Them

As a California consumer and subject to certain limitations under the CCPA, you have rights regarding your privacy, and corresponding choices regarding our use and disclosure of your personal information. Below you will find details about your rights and how to exercise them.

• Right to know: You may request the following information about the personal information we have collected about you:
  • the categories of personal information we have collected
  • the categories of sources from which we collected the personal information
  • the business or commercial purpose for collecting the personal information
  • the categories of third parties with whom we shared the personal information
  • the categories of personal information that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose

• Right to delete: You may request that we delete the personal information we have collected about you, subject to certain limitations under applicable law.

• Right to opt-out: You may request to opt out of any “sale” of your personal information that may take place. We do not sell your personal information in the conventional sense. However, like many companies, we use advertising services that tailor online ads to your interests based on information collected via cookies and similar technologies about your activity on our websites and other online services. The definition of “sale” under the CCPA is broad and may include use of retargeting and interest-based advertising services. You can read more information about cookies and your ability to opt-out in the section above entitled Use of Cookies.

• Right to non-discrimination: The CCPA provides that you may not be discriminated against for exercising these rights.

To submit a request to exercise any of the rights described above, contact privacy@chartmogul.com

When exercising your rights, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. Authentication based on a government-issued and valid identification document may be required.

How We Share Your Data

ChartMogul may process your personal data in the European Economic Area and in any other country where our subsidiaries or service providers operate facilities in accordance with and as permitted by applicable laws and regulations. Some of these countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).

When we process personal data outside of the European Economic Area, we take appropriate safeguards to require that it remains protected in accordance with this policy and applicable law. We may use contracts, the Standard Contractual Clauses approved by the European Commission, or other contractual regulations provided for by law, which are intended to ensure adequate protection of your data and which you can review on request.

Partners

You may be provided with offers, products, and services from third party companies who, for example, integrate with our Services. If you choose to export your data to a third party, interact with or apply for services or offerings from a third party, or otherwise link or sync your ChartMogul account to a third party’s product or service, you consent and instruct ChartMogul to share your information, including personal information, to the third party providing the service or offering. Remember that any information you provide to a third party, whether through us or on your own, will be subject to their privacy policies and terms and conditions.

Third Party Service Providers

In order to operate and perform functions such as hosting our application, storing and analyzing data, processing payments, communicating with you, and providing and optimizing our services, we use third party service providers. Some of these third party service providers are located outside the European Economic Area. We shall disclose your information to third parties only when you have authorised us to do so, it is necessary as part of business practices, or when there is a legal or statutory obligation to do so. Whenever we disclose information to third parties, we will only disclose that amount of personal information necessary to meet such business need or legal requirement.

We only engage third party service providers after a comprehensive review which carefully considers each third party service provider’s competence, as well as their technical and organizational data protection measures. The results of this review are recorded in writing. To protect your personal data, we also sign data processing agreements, complete with standard contractual clauses, as applicable, that comply with Article 28 of the GDPR with third party service providers.

Notwithstanding anything to the contrary in this policy, please note that to the extent that you elect to provide the ChartMogul application access to your Google user data, including Gmail message bodies (including attachments), metadata, headers, and settings by connecting with a Gmail account, our use of your Google user data will be further limited as follows:

• The ChartMogul application will only use access to read or send Gmail message bodies (including attachments), metadata, headers, and settings to provide a solution that allows your users of the ChartMogul application to compose, send, read, and process emails.
• The ChartMogul application will not transfer this Google user data to others unless doing so is necessary to provide, support, and improve these features, for security purposes, to comply with applicable law, or as part of a merger, acquisition, or sale of assets.
• The ChartMogul application will not use this Google user data for serving advertisements.
• The ChartMogul application will not allow humans to read this Google user data unless we have your affirmative agreement for specific messages, files, or other data, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for our internal operations, and then only when the data have been aggregated and anonymized.
• The ChartMogul application’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

We may amend this section from time to time to comply with the Google API Services User Data Policy, to the extent it relates to our use of such Google user data. For the avoidance of doubt, the additional restrictions contained in this section shall only apply to Google user data received through the Google OAuth API, to the extent such use is applicable to you.

Here are the details of our main third party service providers and the data they collect or that we share with them:

Infrastructure

Amazon Web Services

ChartMogul uses Amazon Web Services (AWS) to host its infrastructure. All persistent data (such as databases, file storage, and temporary data), as well as compute power (such as web servers and processing machines), run on AWS EU Ireland Region (eu-west-1).

The responsible entity is: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, United States of America

Data processed:

• Contact Data
• Account Data
• Communications Data
• Cookie Data
• Device and Service Data
• Activity Data

The legal basis is our contractual obligation to provide services requested by you, Art. 6 1(b) of the GDPR. We have concluded an agreement with AWS with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about AWS’ data processing and data protection at: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Web Performance and Security

Cloudflare

ChartMogul uses Cloudflare to manage traffic and secure its websites and services.

The responsible entity is: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, United States of America

Data processed:

• Device and Service Data
• Activity Data

The legal basis is our legitimate interest in fraud prevention and information security, Art. 6 1(f) of the GDPR. We have concluded an agreement with Cloudflare with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Cloudflare’s data processing and data protection at: https://www.cloudflare.com/en-gb/privacypolicy/ and https://www.cloudflare.com/en-gb/cloudflare-customer-dpa/

Datadog

ChartMogul uses Datadog to aggregate logs for debugging, and to monitor traffic and interactions with our websites and application to identify security risks.

The responsible entity is: Datadog, Inc., 620 8th Avenue, Floor 45, New York, NY 10018, United States of America

Data processed:

• Account Data
• Device and Service Data
• Activity Data

The legal basis is our legitimate interest in fraud prevention and information security, Art. 6 1(f) of the GDPR. We have concluded an agreement, with Standard Contractual Clauses, with Datadog with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Datadog’s data processing and data protection at: https://www.datadoghq.com/legal/privacy/

Snowflake

ChartMogul uses Snowflake as a data warehouse solution and data analysis engine to improve the performance of our platform.

The responsible entity is: Snowflake Computing Netherlands B.V., FOZ Building, Gustav Mahlerlaan 300-314, 1082 ME Amsterdam, Netherlands

Data processed:

• Contact Data
• Account Data
• Communications Data
• Cookie Data
• Device and Service Data
• Activity Data

The legal basis is our legitimate interest in this information for data warehousing and analytics purposes, Art. 6 1(f) of the GDPR. We have concluded an agreement, with Standard Contractual Clauses, with Snowflake with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Snowflake’s data processing and data protection at: https://www.snowflake.com/legal/ and https://www.snowflake.com/privacy-policy/

Communications

Calendly

ChartMogul uses Calendly to allow customers to schedule calls with our Sales and Customer Success teams.

The responsible entity is: Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, United States of America

Data processed:

• Contact Data
• Device and Service Data
• Optional information

The analyses of your actions to schedule calls through Calendly are transferred to us in the form of reports. Calendly may give any of your information to further parties where legally required to do so, or as contracted by Calendly.

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. We have concluded an agreement with Calendly with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Calendly’s data processing and data protection at: https://calendly.com/privacy

Disqus

Disqus provides the infrastructure for comments in ChartMogul’s blog. The blog comment hosting services are made possible through the use of JavaScript, cookies, and clear gifs.

The responsible entity is: Disqus, Inc., 717 Market Street, Suite 700, San Francisco, CA 94103, United States of America

Data processed:

• Contact Data
• Communications Data
• Cookie Data
• Other optional information, including content of comment

The analyses of your actions on our website are transferred to us in the form of reports. Disqus may give this information to further parties where legally required to do so, or as contracted by Disqus. Disqus also uses this information to provide targeted advertising to users.

Users that have a Disqus account can update the privacy settings in their account to opt out of targeted advertising. Users that do not have a Disqus account can opt out of targeted advertising by visiting https://disqus.com/data-sharing-settings/

The legal basis is our legitimate interest in facilitating interaction with our blogs, Art. 6 1(f) of the GDPR. We have concluded an agreement with Disqus with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Disqus’ data processing and data protection at: https://help.disqus.com/terms-and-policies/disqus-privacy-policy

Dropbox Sign

ChartMogul uses Dropbox Sign to facilitate electronic signing of documents.

The responsible entity is: Dropbox International Unlimited Company, One Park Place, Hatch Street Upper, Dublin 2, Ireland

Data processed:

• Contact Data
• Account Data
• Billing Data
• Professional Data
• Communications Data
• Other information depending on context

The legal basis is our legitimate interest in file management, Art. 6 1(f) of the GDPR. We have concluded an agreement with Dropbox Sign with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Dropbox Sign’s data processing and data protection at: https://assets.dropbox.com/documents/en/legal/hs-data-processing-agreement.pdf and https://www.hellosign.com/privacy?www_referrer=https%3A%2F%2Fwww.google.com%2F

Eventbrite

ChartMogul uses Eventbrite to manage registrations to events hosted or sponsored by ChartMogul. The option to subscribe to events is made possible through the use of cookies and JavaScript widgets.

The responsible entity is: Eventbrite, Inc. 155 5th Street, Floor 7, San Francisco, CA 94103, United States of America

Data processed:

• Contact Data
• Cookie Data

The analyses of your actions on our website are transferred to us in the form of reports. Eventbrite may give this information to further parties where legally required to do so, or as contracted by Eventbrite.

The legal basis is our legitimate interest in event management, Art. 6 1(f) of the GDPR. We have concluded an agreement with Eventbrite with regard to the processing of your data in accordance with Art. 28 GDPR. You may find further information about Eventbrite’s data processing and data protection here: https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_US

Formspree

ChartMogul uses FormSpree to allow you to book demonstrations with our Sales team. The ability to submit an online form is made possible using JavaScript and cookies.

The responsible entity is: Formspree, Inc., 309 East 21st Street, Room 3331, Austin, TX 78705, United States of America

Data processed:

• Contact Data
• Cookie Data
• Optional information

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. We have concluded an agreement with Formspree with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Formspree’s data processing and data protection at: https://formspree.io/legal/privacy-policy

Google Workspace

ChartMogul uses Google Workspace, including its applications for email (Gmail), calendar (Google Calendar), cloud storage (Google Drive), word processing (Google Docs), and spreadsheets (Google Sheets).

The responsible entity is: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data processed:

• Contact Data
• Account Data
• Billing Data
• Professional Data
• Communications Data

The legal basis is our legitimate interest in communications and file management, Art. 6 1(f) of the GDPR. We have concluded an agreement with Google with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Google’s data processing and data protection at: https://policies.google.com/

Loom

ChartMogul uses Loom for internal presentations.

The responsible entity is: Loom, Inc., 5214F Diamond Heights Boulevard, #3391, San Francisco, CA 94131, United States of America

The designated EU representative is: VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland

The designated UK representative is: VeraSafe United Kingdom Ltd., 37 Albert Embankment, London SE17TL, United Kingdom

Data processed:

• Contact Data
• Other information depending on context

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. We have concluded an agreement with Loom with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Loom’s data processing and data protection at: https://www.loom.com/dpa

Nylas

ChartMogul uses Nylas’ Email API product to allow ChartMogul users to connect their email accounts to our platform, display messages with threads and attachments, and send emails via the platform.

The responsible entity is: Nylas, Inc., 944 Market Street, San Francisco, CA 94102, United States of America

Data processed:

• Contact Data
• Account Data
• Communications Data, including email contents and attachments

You may be able to use OAuth scopes to control or limit what data is processed by our platform when you authenticate your account. The legal basis is our contractual obligation to provide services requested by you, Art. 6 1(b) of the GDPR. We have concluded an agreement, with Standard Contractual Clauses, with Nylas with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Nylas’ data processing and data protection at: https://www.nylas.com/privacy-policy/

Pitch

ChartMogul uses Pitch for internal presentations, as well as externally to demonstrate our platform.

The responsible entity is: Pitch Software GmbH, Joachimstraße 7, 10119 Berlin, Germany

Data processed:

• Contact Data
• Other information depending on context

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. We have concluded an agreement with Pitch with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Pitch’s data processing and data protection at: https://pitch.com/dpa

Salesroom

ChartMogul uses Salesroom to host video calls with prospective customers, as well as to record sales and training calls in order to prepare, collaborate, and improve the sales experience, customer support, and services. Calls are only recorded with consent, so if you do not want your call recorded, you may indicate such.

The responsible entity is: Salesroom, Inc., 9 Kylie Lane, Natick, MA 01760, United States of America

Data processed:

• Contact Data
• Communications Data
• Video and voice recording
• Other optional information depending on context

The legal basis is your consent, which may be freely withheld, Art. 6 1(a) of the GDPR. We have concluded an agreement with Salesroom with regard to the processing of your data in accordance with Art. 28 GDPR. You may find further information about Salesroom’s data processing and data protection here: https://www.salesroom.com/terms-conditions and https://www.salesroom.com/privacy-policy

Slack

ChartMogul uses Slack as a chat tool to discuss such matters as operations, projects, support needs, and feature requests.

The responsible entity is: Slack Technologies Limited, 4th Floor, One Park Place, Hatch Street Upper, Dublin 2, Ireland

Data processed:

• Contact Data
• Account Data
• Professional Data
• Communications Data

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. We have concluded an agreement, with Standard Contractual Clauses, with Slack with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Slack’s data processing and data protection at: https://slack.com/trust/privacy/privacy-policy

Teteworks

ChartMogul uses a product from Teteworks called Ripe. Ripe is a widget that sits in the ChartMogul application and allows trial users to engage with our Sales team directly.

The responsible entity is: Teteworks AB, Ringvägen 108, 116 61 Stockholm, Sweden

Data processed:

• Account Data
• Activity Data

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. We have concluded an agreement with Teteworks with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Teteworks’ data processing and data protection at https://www.getripe.com/dpa.

Typeform

ChartMogul uses Typeform to collect customer feedback in NPS surveys.

The responsible entity is: TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain

Data processed:

• Contact Data
• Account Data
• Optional information, including comments

The user’s responses to the survey, including service rating and comments, are submitted to Typeform’s servers and saved there when a user submits the survey.

Typeform may give this information to further parties where legally required to do so, or as contracted by Typeform.

The legal basis is our legitimate interest in customer feedback, Art. 6 1(f) of the GDPR. We have concluded an agreement with Typeform with regard to the processing of your data in accordance with Art. 28 GDPR. You may find further information about Typeform’s data processing and data protection here: https://admin.typeform.com/to/dwk6gt

Whereby

ChartMogul uses Whereby for video conferencing.

The responsible entity is: Whereby AS, Gate no. 107, 6700 Måløy, Norway

Data processed:

• Contact Data
• Communications Data
• Video and voice recording
• Other optional information, depending on context

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. We have concluded an agreement with Whereby with regard to the processing of your data in accordance with Art. 28 GDPR. You may find further information about Whereby’s data processing and data protection here: https://whereby.com/information/tos/privacy-policy/

Zoom

ChartMogul uses Zoom for video conferencing.

The responsible entity is: Zoom Video Communications, Inc., 55 Almaden Boulevard, Suite 600, San Jose, CA 95113, United States of America

The designated EU representative is: Lionheart Squared Ltd, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, DO2 EK84, Ireland

The designated UK representative is: Lionheart Squared Limited, 17 Glasshouse Studios, Fryern Court Road, Fordingbridge, Hampshire, SP6 1QX, United Kingdom

Data processed:

• Contact Data
• Communications Data
• Video and voice recording
• Other optional information, depending on context

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. We have concluded an agreement with Zoom with regard to the processing of your data in accordance with Art. 28 GDPR. You may find further information about Zoom’s data processing and data protection here: https://explore.zoom.us/en/privacy/

Payments

Braintree

ChartMogul uses Braintree to process payments from some of our existing customers and provide billing information to these customers.

The responsible entity is: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449, Luxembourg

Data processed:

• Contact Data
• Account Data
• Financial Data
• Billing Data
• Device and Service Data

If you wish to avoid sending your data to Braintree, you can do so by not signing up for a paid ChartMogul plan. If you do so however, your ability to use ChartMogul’s services could be severely reduced.

The legal basis is performance of our contract to provide you services, Art. 6 1(b) of the GDPR. We have concluded an agreement with Braintree with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Braintree’s data processing and data protection here: https://www.braintreepayments.com/de/legal/data-protection-addendum and https://www.braintreepayments.com/de/legal/braintree-privacy-policy.

Recurly

ChartMogul uses Recurly to process payments from some of our customers and provide billing information to these customers.

The responsible entity is: Recurly Inc., 400 Alabama St, Suite 202, San Francisco, CA 94110, United States of America

The designated EU representative is: DP-Dock GmbH, Attn: Recurly Inc., Ballindamm 39, 20095 Hamburg, Germany

The designated UK representative is: DP Data Protection Services UK Ltd., Attn: Recurly Inc., 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

Data processed:

• Contact Data
• Account Data
• Financial Data
• Billing Data
• Device and Service Data

If you wish to avoid sending your data to Recurly, you can do so by not signing up for a paid ChartMogul plan. If you do so however, your ability to use ChartMogul’s services could be severely reduced.

The legal basis is performance of our contract to provide you services, Art. 6 1(b) of the GDPR. We have concluded an agreement with Recurly with regard to the processing of your data in accordance with Art. 28 GDPR. You may find further information about Recurly’s data processing and data protection here: https://recurly.com/legal/privacy

Stripe

ChartMogul uses Stripe to process payments from some of our existing customers and provide billing information to these customers.

The responsible entity is: Stripe, Inc, 354 Oyster Point Boulevard, South San Francisco, CA 94080, United States of America

Data processed:

• Contact Data
• Account Data
• Financial Data
• Billing Data
• Device and Service Data

If you wish to avoid sending your data to Stripe, you can do so by not signing up for a paid ChartMogul plan. If you do so however, your ability to use ChartMogul’s services could be severely reduced.

The legal basis is performance of our contract to provide you services, Art. 6 1(b) of the GDPR. We have concluded an agreement with Stripe with regard to the processing of your data in accordance with Art. 28 GDPR. You may find further information about Stripe’s data processing and data protection here: https://stripe.com/en-gb-de/privacy

Project Management

Hex

ChartMogul uses Hex for internal data visualization and analysis.

The responsible entity is: Hex Technologies, Inc., 2261 Market Street, #4233, San Francisco, CA 94114, United States of America

Data processed:

• Contact Data
• Device and Service Data
• Activity Data

The legal basis is our legitimate interest in analysis for business decision-making, Art. 6 1(f) of the GDPR. We have concluded an agreement with Hex with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Hex’s data processing and data protection at: https://learn.hex.tech/docs/security/terms-and-conditions

Notion

ChartMogul uses Notion as an internal note-taking and project management tool.

The responsible entity is: Notion Labs, Inc., 548 Market Street #74567, San Francisco, CA 94104, United States of America

Data processed:

• Contact Data
• Account Data
• Professional Data
• Communications Data

The legal basis is our legitimate interest in project management, Art. 6 1(f) of the GDPR. We have concluded an agreement with Notion with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Notion’s data processing and data protection at: https://www.notion.so/Terms-and-Privacy-28ffdd083dc3473e9c2da6ec011b58ac

Shortcut

ChartMogul uses Shortcut to create tickets and epics in order to process and collaborate on UI development projects and product updates.

The responsible entity is: Shortcut Software, Inc., 45 W 27th Street, 3rd Floor, New York, NY 10001, United States of America

The designated EU representative is: ePrivacy GmbH, Burchardstrasse 14, 20095 Hamburg, Germany

Data processed:

• Account Data
• Communications Data

The legal basis is our legitimate interest in project management, Art. 6 1(f) of the GDPR. We have concluded an agreement with Shortcut with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Shortcut’s data processing and data protection at: https://shortcut.com/privacy

Trello

ChartMogul uses Trello to create tickets and tasks to process and track UI development and product updates and requests.

The responsible entity is: Atlassian Pty Ltd, ℅ Atlassian, Inc., 350 Bush Street, Floor 13, San Francisco, CA 94194, United States of America

The designated EU representative is: Atlassian B.V., ℅ Atlassian, Inc., 350 Bush Street, Floor 13, San Francisco, CA 94104, United States of America

Data processed:

• Contact Data
• Account Data
• Communications Data

The legal basis is our legitimate interest in task management, Art. 6 1(f) of the GDPR. We have concluded an agreement with Trello with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Trello’s data processing and data protection at: https://www.atlassian.com/legal/privacy-policy

Customer Support and Management

Brightback

ChartMogul uses Brightback, a Chargebee company, to allow certain users to self-service cancel their subscriptions.

The responsible entity is: Chargebee, Inc., 909 Rose Avenue, Suite 610, North Bethesda, MD 20852, United States of America

Data processed:

• Account Data

The legal basis is our legitimate interest in providing options to manage subscriptions, Art. 6 1(f) of the GDPR. We have concluded an agreement, with Standard Contractual Clauses, with Brightback with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Brightback’s data processing and data protection at: https://www.chargebee.com/privacy/dpa/

Twilio

ChartMogul uses Twilio solutions. We use Twilio Segment, a Customer Data Platform, to track information from our websites and application, consolidate customer data, and integrate that data with other services.

We also use Twilio Sendgrid to send transactional emails (not marketing email) from the ChartMogul product to our customers. Customers can manage under what conditions they receive some of these emails in their account settings.

The responsible entity is: Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland

Data processed:

• Contact Data
• Account Data
• Activity Data
• Device and Service Data
• Cookie Data

The legal basis is our legitimate interest in effective communication, analytics, and advertising Art. 6 1(f) of the GDPR. We have concluded an agreement with Twilio with regard to the processing of your data in accordance with Art. 28 GDPR. You may find further information about Twilio’s data processing and data protection here: https://www.twilio.com/legal/data-protection-addendum and https://www.twilio.com/legal/privacy

SimplyBook.me

ChartMogul uses SimplyBook.me to allow customers to schedule calls with our Customer Success team.

The responsible entity is: SimplyBook.me Ltd, 21 Karaiskaki Street, Oasis Center, Office 23, 3032 Limassol, Cyprus

Data processed:

• Contact Data
• Other information, Device and Service Data, is submitted to SimplyBook.me when a user loads the form or a confirmation email sent by SimplyBook.me.

The analyses of your action to schedule a call through SimplyBook.me is transferred to us in the form of reports. SimplyBook.me may give any of your information to further parties where legally required to do so, or as contracted by SimplyBook.me.

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. We have concluded an agreement with SimplyBook.me with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about SimplyBook.me’s data processing and data protection at:　https://simplybook.me/en/policy and https://simplybook.me/en/legal/dpa

Zendesk

ChartMogul uses Zendesk for customer service and relationship management purposes. Zendesk enables us to provide support to our customers and users by offering help desk articles online and a means to contact ChartMogul (e.g. by emailing support@chartmogul.com or by submitting a ticket through the contact for on our website or the Zendesk Webwidget). Access to help desk articles is provided using a dedicated website, a JavaScript widget embedded on ChartMogul’s website (Zendesk Webwidget), and the use of cookies.

The responsible entity is: Zendesk, Inc., 989 Market Street, San Francisco, CA 94103, United States of America

Data processed:

Help Desk Articles

• Information obtained via cookies and / or the JavaScript widget

Contacting ChartMogul

• Contact Data
• Communications Data
• Other content that the user chooses to submit

The analyses of your actions with the messages sent through Zendesk are transferred to us in the form of reports. The content and metadata of your messages sent to our Customer Success team are submitted by Zendesk to ChartMogul. Zendesk may give any of your information to further parties where legally required to do so, or as contracted by Zendesk.

The legal basis is our legitimate interest in customer relationship management, Art. 6 1(f) of the GDPR. We have concluded an agreement, with Standard Contractual Clauses, with Zendesk with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Zendesk’s data processing and data protection at: https://www.zendesk.com/company/customers-partners/privacy-policy/

Marketing

Customer.io

ChartMogul uses Customer.io to send newsletters to subscribers and other gated content to users who request it.

The responsible entity is: Peaberry Software Inc., 9450 Southwest Gemini Drive, Suite 43920, Beaverton, OR 97008-7105, United States of America

Data processed:

• Contact Data
• Communications Data
• Cookie Data
• Other information, including Device and Service Data, is submitted to Customer.io when a user loads resources embedded in, or a link contained in an email sent through Customer.io

Newsletters and other content may contain single pixel gifs, also known as web beacons. These are tiny graphic files that contain unique identifiers that enable us to recognize when subscribers and users have opened an email or clicked certain links. The analyses of your actions with the messages sent through Customer.io are transferred to us in the form of reports. Customer.io may give any of your information to further parties where legally required to do so, or as contracted by Customer.io.

The legal basis is your consent to subscribe to and receive our newsletter or other gated content, Art. 6 1(a) of the GDPR. You may withdraw this consent at any time. We have concluded an agreement with Customer.io with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Customer.io’s data processing and data protection at: https://customer.io/legal/dpa/

Facebook

ChartMogul has integrated Facebook into its website and uses it to advertise and track activities for analytics and marketing purposes.

The responsible entity is: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States of America

When a data subject lives outside the United States of America or Canada, and Meta undertakes data processing, the responsible entity is: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Data processed:

• Cookie Data
• Device and Service Data
• Activity Data

When a user clicks the Facebook button, Facebook’s website will be contacted, and user acquisition data will be transferred from ChartMogul to Facebook. Facebook will thereby receive information that the user has visited ChartMogul’s website. Details of the Facebook-supplied plugins can be accessed at: https://developers.facebook.com/docs/plugins

If you are logged into a Facebook account (even if it is not your own account) at the same time you access our website, Facebook will additionally receive a notification that you visited ChartMogul’s website. Facebook collects this information, so the theoretical possibility exists that it could associate it with the Facebook account. The same also applies to the “Like” button, or to the usage of Facebook comment forms; Facebook could associate this information with the logged-in Facebook account. To prevent this, you can log out of any Facebook accounts prior to visiting the ChartMogul website. To do this, you must visit the Facebook website.

The legal basis is our legitimate interest in analytics and advertising, Art. 6 1(f) of the GDPR. We have concluded an agreement with Facebook with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Facebook’s data processing and data protection at: https://www.facebook.com/legal/EU_data_transfer_addendum/update and https://facebook.com/about/privacy

Instagram

ChartMogul uses Instagram to advertise and track activities for analytics and marketing purposes.

The responsible entity is: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States of America

When a data subject lives outside the United States of America or Canada, and Instagram undertakes data processing, the responsible entity is: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Data processed:

• Cookie Data
• Device and Service Data
• Activity Data

If you are logged into an Instagram account (even if it is not your own account) at the same time you access our website, Instagram will additionally receive a notification that you visited ChartMogul’s website. Instagram collects this information, so the theoretical possibility exists that it could associate it with the Instagram account. The same also applies to the “Like” button, or to the usage of Instagram comment forms; Instagram could associate this information with the logged-in Instagram account. To prevent this, you can log out of any Instagram accounts prior to visiting the ChartMogul website. To do this, you must visit the Instagram website.

The legal basis is our legitimate interest in analytics and advertising, Art. 6 1(f) of the GDPR. We have concluded an agreement with Instagram with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Instagram’s data processing and data protection at: https://www.facebook.com/legal/EU_data_transfer_addendum/update and https://facebook.com/about/privacy

IPAPI

ChartMogul uses IPAPI to determine location by IP address for analytics and marketing purposes.

The responsible entity is: Kloudend, Inc., 1887 Whitney Mesa Drive, #4080, Henderson, NV 89014, United States of America

Data processed:

• Device and Service Data

The legal basis is our legitimate interest in analytics and advertising, Art. 6 1(f) of the GDPR. We have concluded an agreement with IPAPI with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about IPAPI’s data processing and data protection at: https://ipapi.co/privacy/

LinkedIn

ChartMogul uses LinkedIn to source candidates for open positions. ChartMogul also uses LinkedIn on our website to advertise and track activities for analytics and marketing purposes.

The responsible entity is: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Data processed:

• Contact Data
• Professional Data
• Communications Data
• Cookie Data
• Device and Service Data
• Activity Data

If you are logged into a LinkedIn account (even if it is not your own account) at the same time that you access the ChartMogul website, LinkedIn will additionally receive a notification that you visited our website. LinkedIn collects this information, so the theoretical possibility exists that it could associate it with the LinkedIn account. To prevent this, you can log out of any LinkedIn accounts prior to visiting our website. To do this, you must visit the LinkedIn website.

LinkedIn processes data to provide analytics services that allow ChartMogul to understand how individuals interact with our pages and content. We are jointly responsible with LinkedIn for the processing of information about visitors to our page. The legal basis is our legitimate interest in analytics and advertising, Art. 6 1(f) of the GDPR. We have concluded an agreement with LinkedIn with regard to the processing of your data in accordance with Art. 26 GDPR. In particular, the agreement also regulates which security measures LinkedIn must observe and provides that LinkedIn must comply with the rights of data subjects. You can find further information about LinkedIn’s data processing and data protection at: https://www.linkedin.com/legal/privacy-policy and https://legal.linkedin.com/pages-joint-controller-addendum

Luma

ChartMogul uses Luma for event management (e.g. to create registration pages and send invitations).

The responsible entity is: Luma Labs, Inc., 548 Market St PMB 36143, San Francisco California 94104, United States of America

Data processed:

• Contact Data

The legal basis is our legitimate interest in event management, Art. 6 1(f) of the GDPR. We have therefore concluded an agreement with Luma with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Luma’s data processing and data protection at: https://lu.ma/dpa

Nightwatch

ChartMogul uses Nightwatch to track search engine rankings of our websites.

The responsible entity is: Kundi d.o.o., Gmajna 42a, 2380 Slovenj Gradec, Slovenia

Data processed:

• Contact Data
• Device and Service Data

The legal basis is our legitimate interest in analytics, Art. 6 1(f) of the GDPR. We have therefore concluded an agreement with Nightwatch with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Nightwatch’s data processing and data protection at: https://docs.nightwatch.io/en/collections/2758840-nightwatch-terms-and-policies

X

ChartMogul uses X to track activities for analytics and marketing purposes.

The responsible entity is: X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States of America

For EEA and UK residents, the representative is: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Data processed:

• Cookie Data
• Device and Service Data
• Activity Data

When a user clicks the X button, X will be contacted, and user acquisition data will be transferred from ChartMogul to X. X will thereby receive information that the user has visited ChartMogul’s website.

If you are logged into an X account (even if it is not your own account) at the same time you access our website, X will additionally receive a notification that you visited ChartMogul’s website. X collects this information, so the theoretical possibility exists that it could associate it with the X account. To prevent this, you can log out of any X accounts prior to visiting the ChartMogul website. To do this, you must visit the X website.

The legal basis is our legitimate interest in analytics and advertising, Art. 6 1(f) of the GDPR. We have concluded an agreement with X with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about X’s data processing and data protection at: https://privacy.x.com/en/for-our-partners/global-dpa and https://x.com/en/privacy

Analytics

Google AdSense

ChartMogul uses Google AdSense, a service provided by Google Inc, to advertise to previous visitors of our website and to track the effectiveness of these ads. The display of ads and measurement of their effectiveness is made possible through the use of cookies and clear gifs.

The responsible entity is: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America

Data processed:

• Cookie Data
• Activity Data

The analyses of your actions on our website are transferred to us in the form of reports. Google may give this information to further parties where legally required to do so, or as contracted by Google.

You may opt-out of targeted advertising through Google AdSense by visiting: https://www.google.com/ads/preferences/

The legal basis is our legitimate interest in analytics and advertising, Art. 6 1(f) of the GDPR. We have concluded an agreement with Google AdSense with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Google’s data processing and data protection at: https://policies.google.com/

Google Analytics

ChartMogul uses Google Analytics, a service provided by Google Inc, to analyze website access and improve our website. The analysis of your use of our website is made possible through the use of cookies. The Google tracking on our website uses the “anonymizeIp()” function, which truncates the transmitted IP addresses so as to prevent the direct identification of any individual users.

The responsible entity is: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America

Data processed:

• Cookie Data
• Activity Data

The analyses of your actions on our website are transferred to us in the form of reports. Google may give this information to further parties where legally required to do so, or as contracted by Google.

You can stop the placement of Google Analytics cookies on your computer through the settings of your web browser. If you do so, we cannot guarantee that all the functions of our website will be fully available to you. You may also stop the placement of cookies with browser extensions, such as: https://tools.google.com/dlpage/gaoptout

The legal basis is our legitimate interest in analytics, Art. 6 1(f) of the GDPR. We have concluded an agreement with Google Analytics with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Google’s data processing and data protection at: https://policies.google.com/ and https://www.google.com/analytics/terms/

Workflow Management

Pipedream

ChartMogul uses Pipedream to connect and share data between multiple web services used by ChartMogul.

The responsible entity is: Pipedream, Inc., 36 Palm Avenue, San Francisco, CA 94118, United States of America

Data processed:

• Contact Data
• Account Data
• Communications Data
• Cookie Data
• Activity Data

Any information, including personally identifiable information, collected by any other service listed in this policy, may be transferred via Pipedream when a user takes an action that results in the submission of information to the original service. Pipedream may give this information to further parties where legally required to do so, or as contracted by Pipedream.

The legal basis is our legitimate interest in effective data management, Art. 6 1(f) of the GDPR. We have concluded an agreement, with Standard Contractual Clauses, with Pipedream with regard to the processing of your data in accordance with Art. 28 GDPR. You may find further information about Pipedream’s data processing and data protection here: https://pipedream.com/privacy

Zapier

ChartMogul uses Zapier to connect and share data between multiple web services used by ChartMogul.

The responsible entity is: Zapier, Inc., 548 Market Street #62411, San Francisco, CA 94104, United States of America

Data processed:

• Contact Data
• Account Data
• Communications Data
• Cookie Data
• Activity Data

Any information, including personally identifiable information, collected by any other service listed in this policy, may be submitted to Zapier’s servers, located in the United States of America, and saved there when a user takes an action that results in the submission of information to the original service. Zapier may give this information to further parties where legally required to do so, or as contracted by Zapier.

The legal basis is our legitimate interest in effective data management, Art. 6 1(f) of the GDPR. We have concluded an agreement, with Standard Contractual Clauses, with Zapier with regard to the processing of your data in accordance with Art. 28 GDPR. You may find further information about Zapier’s data processing and data protection here: https://zapier.com/privacy/

Recruitment and Job Applications

Wellfound

ChartMogul uses Wellfound to source candidates for job openings.

The responsible entity is: AL Talent, Inc., 228 Park Avenue South, PMB 40533, New York, NY, 10003-1502, United States of America

The designated EEA representative is: PrighterGDPR-Rep by Maetzler Rechtsanwalts GmbH & Co. KG, ℅ Wellfound, Schellinggasse 3/10, 1010 Vienna, Austria

The designated UK representative is: Wellfound Ltd, 2nd Floor, White Bear Yard, Clerkenwell Road, London, UK EC1R 5DF

Data processed:

• Contact Data
• Professional Data

The legal basis is our legitimate interest in recruitment, Art. 6 1(f) of the GDPR. We have concluded an agreement with Wellfound with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Wellfound’s data processing and data protection at: https://wellfound.com/privacy and https://wellfound.com/pdf/Wellfound_DPA_for_Data_Controllers.pdf

LinkedIn

ChartMogul uses LinkedIn to source candidates for open positions. ChartMogul also uses LinkedIn on our website to track activities for analytics and marketing purposes.

The responsible entity for LinkedIn is: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Data processed:

• Contact Data
• Professional Data
• Communications Data
• Cookie Data
• Activity Data

If you are logged into a LinkedIn account (even if it is not your own account) at the same time that you access the ChartMogul website, LinkedIn will additionally receive a notification that you visited our website. LinkedIn collects this information, so the theoretical possibility exists that it could associate it with the LinkedIn account. To prevent this, you can log out of any LinkedIn accounts prior to visiting our website. To do this, you must visit the LinkedIn website.

The legal basis is our legitimate interest in recruitment Art. 6 1(f) of the GDPR. We have concluded an agreement with LinkedIn with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about LinkedIn’s data processing and data protection at: https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/legal/l/dpa

Lusha

ChartMogul uses Lusha to gather email addresses for recruitment purposes.

The responsible entity is: Lusha Systems, Inc., 1177 Avenue of the Americas, 5th Floor, New York, NY 10036, United States of America

Data processed:

• Contact Data

The legal basis is our legitimate interest in recruitment, Art. 6 1(f) of the GDPR. We have concluded an agreement with Lusha with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Lusha’s data processing and data protection at: https://www.lusha.com/legal/dpa-2-2/

Recruitee

ChartMogul uses Recruitee to advertise open positions at ChartMogul, receive applications to these positions, and manage and optimize the application process. The hosting of job description and the application form is made possible through the use of JavaScript and cookies.

The responsible entity is: Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, The Netherlands

Data processed:

• Contact Data
• Professional Data
• Communications Data
• Cookie Data

The analyses of your actions on our Career website are transferred to us in the form of reports. Recruitee may give this information to further parties where legally required to do so, or as contracted by Recruitee.

The legal basis is our legitimate interest in recruitment, Art. 6 1(f) of the GDPR. We have concluded an agreement with Recruitee with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Recruitee’s data processing and data protection at: https://recruitee.com/privacy-policy

Rocketreach

ChartMogul uses Rocketreach to gather email addresses for recruitment purposes.

The responsible entity is: Rocketreach, 800 Bellevue Way NE, Floor 5, Unit 110, Bellevue, WA 98004, United States of America

The designated EEA representative is: DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

The designated UK representative is: DataRep, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom

Data processed:

• Contact Data

The legal basis is our legitimate interest in recruitment, Art. 6 1(f) of the GDPR. Rocketreach provides publicly available information only. You can find further information about Rocketreach’s data processing and data protection at: https://rocketreach.co/privacy

Changes to this Privacy Policy

ChartMogul reserves the right to update this policy from time to time without notice. Any changes are effective when we post the updated policy on our website. We recommend that you regularly check back. We may provide you with notices about changes to this policy if you are a registered user of the ChartMogul application.

Contact

Should you have further questions, or wish to contact us, you can do so through our website at www.chartmogul.com. When you do so, the data required to answer your query will be automatically saved and processed. Your data will not be transferred to third parties unless ChartMogul has a lawful ground to do so.

Updated: February 1, 2024

Basic Principles

• ChartMogul limits the data we collect as much as possible, storing only what is necessary to provide the ChartMogul application, operate ChartMogul in a secure and resilient fashion, and to comply with all relevant laws.
• ChartMogul only retains data for the length of time necessary to operate the application or otherwise comply with legal or operational requirements.

What Personal Data does ChartMogul collect?

Your Account Settings and Team Member Data

For users of ChartMogul, where ChartMogul is acting as the controller of the data, we collect the following data:

• Name
• Title
• Employer
• Email address
• Phone number (optional)
• Payment data and history
• Contents of your communications with ChartMogul
• Device ID numbers
• Location
• IP address
• Tracking cookie ID

Your Customers’ Data

When ChartMogul is acting as the processor of your data, specifically the data about your customers, we collect:

• Name
• Email address
• Location (but only to the granularity of a city or locality)
• Payment data and history
• If you connect your email account to ChartMogul, contents of emails and messages submitted or sent to, received by, or otherwise transmitted to or through the Services
• Optional information, for example added via tags and custom attributes

How long does ChartMogul retain data?

• We retain data indefinitely while you remain an active customer of ChartMogul.
• When you cease to be a paying or Launch plan customer of ChartMogul, or do not become a paying or Launch plan customer after trialing our software, we will automatically delete your customers’ data within 60 days. We will email account admins prior to scheduled data removal so you can timely select a plan for which you are eligible and prevent data removal.
• If you are a customer that is on a Launch plan (or any other free plan) and you haven’t logged in for 1 year + 30 days, we automatically mark your account as canceled and will remove your customers’ data in 60 days. We will email account admins before the account is marked as canceled, so you can timely login and prevent the removal of your data if you wish. Once your account has been marked as canceled, you can prevent data removal by contacting support@chartmogul.com or going to the billing page and selecting a plan for which you are eligible before 60 days elapse.
• If you wish to voluntarily close your account, you should export your data prior to closing the account.
• If you wish to delete a customer’s data, you can do so using either our API, or the “Delete” functionality in the UI. These actions will delete a customer’s data immediately. You can do this on the customer level or on the data source level.
• If you wish to anonymize your account data, you can make the request by contacting support@chartmogul.com.
• Account admins can also anonymize data of users on the account prior to account cancellation by following instructions in the ChartMogul Help Center.
• Notwithstanding the foregoing, we retain copies of data in accordance with routine backup and archiving procedures and as required to comply with applicable law and other legal and business requirements.

Database backups

• ChartMogul databases are backed up on a continual basis, with full daily snapshots.
• All database backups are encrypted before being sent to our backup storage.
• We retain database backups for 14 days, after which they are automatically deleted.