Piwik PRO privacy policy

Privacy policy last updated on: 30.08.2024

Your privacy is very important to us – after all “Take control of your data” is our credo. Our products were built on a foundation of security and privacy. They are compliant with General Data Protection Regulation (GDPR) requirements and other legal provisions for data protection. Below you’ll find all necessary information to make educated decisions about how you want us to process your personal data.

Summary

Want to change your consent status? Use the following settings:

Privacy settings

Want more information about what your consents mean? Go to privacy and consent settings.

Want to submit a data subject request? Go to our data subject request form

We use your data only when you consent to it directly or when we need to based on what you ask of us. If you’d like more details, we invite you to read on.

This information applies to visitors of our website, clients and job applicants. We’ve broken it down into three main sections:

  1. Our Marketing and Sales activities
  2. Piwik PRO product and data that we process on behalf of our clients
  3. Recruitment by our Human Resources team.

If you feel something is not addressed in this Privacy Policy or have further questions, our Data Protection Officer (DPO) can be reached at gdpr@piwik.pro.

The data controller for (1) Marketing and Sales and (2) Piwik PRO product-related activities is: Piwik PRO group, that includes Piwik PRO SA (ul. Św. Antoniego 2/4, 50-073 Wrocław, Poland), Piwik PRO GmbH (Kurfürstendamm 21, 10719 Berlin, Germany). Learn more about the Piwik PRO group at https://piwik.pro/about/.

The data controller for (3) Recruitment is: Piwik PRO group, that includes Piwik PRO SA (ul. Św. Antoniego 2/4, 50-073 Wrocław, Poland), Piwik PRO GmbH (Kurfürstendamm 21, 10719 Berlin, Germany) and Piwik PRO LLC (222 Broadway, 19th Floor, New York, NY 10038, United States). Learn more about the Piwik PRO group at https://piwik.pro/about/.

Marketing and Sales

We work hard to find and introduce new people to our product as well as improve the quality of our website. We want to communicate clearly and directly with everyone that visits. To do this we need data. However, we practice privacy by design, privacy by default and data minimization so we’ll take the smallest amount of data we can while still providing our visitors an enjoyable experience.

We request processing of personal data of visitors, such as IP address, a cookie identifier and email address (but only in the case that visitors request information be sent by email). We also collect non-personal data to learn how visitors found our website, what kind of device they’re using, how long they stayed, which pages they visited, etc. This non-personal data is tied to a temporary identifier that is removed after the end of each browsing session.

Privacy and consent settings

Here’s how we use your data when you give us the following consents:

Analytics

Purpose: improve site user interface, optimize sales and marketing content
Personal data used: browser cookie, browsing behavior on piwik.pro, device information, IP address
First party involved: Piwik PRO (yes, we use our own software)
Third parties involved: None

A/B testing and personalization

Purpose: A/B tests, content personalization, improve site user interface, optimize sales and marketing content
Personal data used: browser cookie, browsing behavior on piwik.pro, device information, IP address
Third parties involved: Omniconvert

Marketing automation

Purpose: send marketing materials relevant to your interests
Personal data used: browser cookie, browsing behavior on piwik.pro, IP address, other data you give us will be added to your visitor profile
Third parties involved: Hubspot

Webinars

You may provide us with additional personal data when subscribing to one of our webinars. We may have a limited number of seats related to the webinar you’ve reserved your spot for and we may process the information you provided like your first and last name or company to increase the probability that (a) you’re a real human or (b) you’re affiliated with a company close to our target market audience. In that case you’re more likely to secure your spot. We will use your email to communicate with you. We will keep all that data in our CRM that you can read about in this Privacy Policy.

Purpose: subscribing you to a webinar
Personal data used: email address
Third parties involved: GoToWebinar / GoTo Technologies

We process personal data based on consent according to Art. 6(1)(a) GDPR, which you are free to give or refuse. You’ll see consent options when you visit our website for the first time. You can change your decisions at anytime by clicking the button below. If you change your decision it will not affect the lawfulness of processing based on consent before its withdrawal.

Privacy settings

Fraud Prevention

We use fraud0 on our website to protect against fraudulent activities. Fraud0 detection algorithms are designed with a strict privacy-first approach, utilizing only standard JavaScript parameters without requiring any personally identifiable information (PII). This service, provided by fraud0 GmbH, uses technologies such as JavaScript and Pixel to collect device information, browser data, and user behavior metrics. The data collected is processed within the European Union and is retained only as long as necessary to fulfill its purpose. As we have the express right to protect ourselves from fraudulent activities, data collection for this purpose does not require user consent. The legal basis for processing personal data in this context is Art. 6 s. 1 lit. f GDPR.

Individual data subject right (Your rights)

Remember there are number of rights you can exercise:

  • Right of Access
  • Right to Rectification
  • Right to Restriction of processing
  • Right to Erasure also known as the ‘Right to be Forgotten’.
  • Right to Data Portability
  • Right to Object

You have the right to lodge a complaint with a supervisory authority (in Poland, the President of the Data Protection Office).

If you would like to exercise your individual rights, send us a message via the form below. The form collects cookies that identify you as a returning visitor so we know what data the request concerns. We will then adjust or remove data about you from our database and pass the request to our partners. We require your email to communicate with you during processing of your request.

Data Subject Request Form

Data requests

Select the type of data request and note any special requests. We’ll do our best to fulfill your request to the letter. We need your email address to contact you about your request. We won’t use this email address for any purpose other than the completion of your request.

Access data
Access data
Data erasure
Data rectification

Our partners - tools we use for Marketing and what we use them for

Piwik PRO Analytics Suite is our own analytics and customer data platform. We collect first-party data about website visitors based on cookies, IP and fingerprinting; we create user profiles based on user browsing history and calculate metrics related to website usage such as bounce rate, depth of visits, page views etc. We host our solution on Orange Cloud infrastructure in France and the data is stored for a period of 60 months. (Purpose of processing data: Analytics, Conversion tracking based on consent, Legal basis: Art. 6 (1)(a) GDPR).

We may also use the aforementioned platform to collect aggregated metrics on the use of our website or application, within the scope of necessary processing. You may use the opt-out below to stop all data collection.

HubSpot is an inbound marketing and sales platform that we use for email marketing, marketing automation, website personalization and integrating CRM data about leads with their behavioral data. HubSpot collects browsing history (only from our site) and user personal data acquired via lead capture forms. HubSpot products are hosted in U.S.-based data centers, and HubSpot stores user data for 24 months. More specifically, we remove the data:

  • after 6 months from collection when you contacted us or downloaded some content (like whitepaper) and we didn't hear back from you since,
  • after 24 months from the last exchange in case we had an ongoing conversation or you wanted to conduct business with us (used contact form, requested a demo or pricing),
  • on your request.

(Purpose of processing data: Marketing Automation based on consent, Legal basis: Art. 6 (1)(a) GDPR)

Omniconvert is a testing and optimization platform we use to create A/B tests on our websites. Omniconvert collects aggregated data for goals, tests, surveys, and website reviews. Omniconvert is hosted on European servers by Amazon AWS (U.S.-based company). Data is retained for up to 90 days. (Purpose of processing data: A/B testing and personalization based on consent, Legal basis: Art. 6 (1)(a) GDPR)

YouTube: we have placed YouTube-hosted videos across our sites. We require your prior consent before we launch them. YouTube is a U.S.-based service. (Purpose of processing data: providing you with additional information about our products and services based on consent, Legal basis: Art. 6 (1)(a) GDPR)

Piwik PRO product

Our clients own 100% of the data we gather on their behalf.

A Data Processing Agreement (DPA) is available for both Piwik PRO Analytics Suite Cloud (SaaS) and Piwik PRO Analytics Suite On-Premises – our Account executives or customer success team members can provide details.

Piwik PRO Analytics Suite Cloud is hosted on either:

  • Orange Flexible Engine France (FR Central),
  • ElastX Sweden (SWE Central),
  • Microsoft Azure Netherlands (EU West),
  • Microsoft Azure Germany (DE Central),
  • Microsoft Azure United States (US East),
  • Microsoft Azure Hong Kong (Southeast Asia),
  • Orange Cloud France (Paris).

You may also use some other infrastructure provider like Leaseweb in the US and Germany.

Piwik PRO On-Premises is hosted in the client's own cloud subscription with Microsoft Azure, Orange Cloud or Elastx.

We do NOT send collected data to other sub-processors or third parties nor do we use it for our own purposes.

Data retention periods are set by the client of Piwik PRO Analytics Suite and governed by the separate Data Processing Agreement.

The full scope of data that can be gathered by our platform is described here.

All cookies used by the Piwik PRO platform are listed here.

We want all clients to be fully compliant so those who are using Piwik PRO Analytics Suite with Tag Manager can also take advantage of Consent Manager. But it's the client's responsibility to configure their Consent Manager instance according to their own privacy policy.

Requests to exercise any individual data subject rights of visitors to a website tracked by one of the instances of Piwik PRO Cloud should be sent by a Client to support@piwik.pro so we can remove the record from our database.

For users of any Piwik PRO instance please refer to these Online service terms and Data processing agreement unless your organization has signed a separate contract with Piwik PRO. Also, it’s important to know that we use third-party tools to deliver in-app communication service to the end users (operators) of the platform and a CRM to deliver an onboarding flow:

  • Piwik PRO Core - Stonly (data hosted in EEA), HubSpot (data hosted in the USA)
  • Piwik PRO Enterprise - Stonly (data hosted in EEA), Intercom (data hosted in the USA)

If your team would like to contact our support, keep in mind that Intercom is a US company regardless of its hosting location. Send us datasets or screenshots using your own secure channel or our secure tool. We provide all information about this during the onboarding process or details can be requested directly via support@piwik.pro.

If you request a database export, it will be placed on a secure server on Amazon EU in Frankfurt, Germany.

In case you purchase our services via our website (without contacting sales) please note that we’re using Paddle, our Merchant of Record, to process your order. Here’s their privacy policy.

Looker Studio integration

In accordance with the Google API Service: User Data Policy, we want to assure our users that our application does not access, use, store, or share any Google user data when it comes to Looker Studio. Our commitment to privacy means that no Google user data is utilized in any capacity within our application.

Recruitment

The recruitment process is shared within the Piwik PRO group, which includes Piwik PRO SA, Piwik PRO GmbH and Piwik PRO LLC. During recruitment we will gather and process personal data such as employment history, education and projects you’ve worked on. We get this information from your CV, the application form and from links or other information you provide us. To submit your application to us you must first agree to processing of your personal data (a check box on the application page) in accordance with Art. 6(1)(a) GDPR. Sending us your job application via jobs@piwik.pro means that you acknowledge our privacy policy. The provision of your personal data is neither a statutory nor a contractual requirement, but we can't consider you for a position without the ability to process your personal data.

Only HR and team members who are directly involved in your recruitment process, usually representatives of the team you are applying to, have access to your data. Each team member has been trained in data security and is formally obliged by their contract to keep it private. All who would have access to your recruitment data have such a contract with the Piwik PRO group (defined at the beginning of this privacy policy).

We collect and use personal information you have provided only for the purposes of the recruitment process. Data that we collect throughout recruitment is used only for the communication with candidates, to evaluate their qualifications and to make a final hiring decision. During the recruitment process we use software from external partners such as Google Suite and Traffit. The maximum time your data is held is 36 months.

You have a right to access your data, correct or remove it, or completely withdraw your consent for processing it at any time. Such requests should be sent to our DPO: gdpr@piwik.pro. The withdrawal of a consent does not affect the lawfulness of processing based on consent before its withdrawal.

Third-Party Websites

Links from our site to external websites do not operate under this Privacy Policy. For example, if you click on a referrer website link on our site, you may be taken to a website that we do not control. These third-party websites may independently solicit and collect information from you, including personal and financial data. We recommend that you consult the privacy statements of all third-party websites you visit by clicking on the “privacy” link typically located at the bottom of the webpage you are visiting.

Children’s Privacy

We forbid the use of the website to individuals age 18 and below, without the consent of a parent or guardian over the age of 18. We do not knowingly collect personal data from children under the age of 13.

Notice to California Users

Subject to the limitations under California Civil Code § 1798.83, if you are a California resident and have an established business relationship with us, you may ask us to provide you with a list of certain categories of personal information that we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year. You may also request the identity of certain third parties that received your personal information from us for their direct marketing purposes during the immediately preceding calendar year. You may make a request as described hereinabove once a year.

To make such a request, you can contact us at legal@piwik.pro or mailing us at: Piwik PRO, 222 Broadway, New York, NY 10038. Please mention in your communication that you are making a “California Shine the Light” inquiry. We will respond within 30 days.

Changes to the Privacy Policy

We will occasionally update this Privacy Policy. When changes to this Privacy Policy will be posted, the date at the top of this Privacy Policy will be revised. We recommend checking the website from time to time to inform yourself of any changes in this Privacy Policy or any of other policies.