Privacy Policy

Glassbox Ltd. and its wholly owned subsidiaries, including Glassbox US, Inc. and Glassbox Digital UK Ltd. (collectively “GLASSBOX,” “we,” “us,” and “our”) respect your privacy. This privacy policy (this “Privacy Policy”) explains the accepted privacy practices for our Site, www.glassbox.com (the “Site”) and our proprietary customer experience solutions and services, which include, without limitation, all associated software, updates, upgrades, content and documentation, and any changes, enhancements, extensions, adaptations, components, additions, improvements and applications thereto, whether now existing or hereafter devised (collectively, the “Services”). This Privacy Policy describes the ways in which your personal information is collected and used, and the rights and options available to you with respect to such information. This Privacy Policy incorporates by reference the most current version of our Terms of Use (our “Terms of Use”). If you have questions or complaints regarding this Privacy Policy and/or our privacy practices in general, please contact us as described in this Privacy Policy.

If you do not wish to provide or otherwise make available to GLASSBOX, whether directly or indirectly, the information described below that we collect via the usability and functionality of our services, please do not visit our website.

Information we collect

GLASSBOX collects information from end users (“End Users”) at several different points and via several different channels throughout our Services. This may include, without limitation, traffic data including an End User’s IP address, domain server, type of computer, type of web browser, geo-location, browsing and click-stream activity, session heatmaps and scrolls and more. Our GLASSBOX Solutions (as defined below) are also designed to automatically collect information about your website visits, referring and exit pages and URLs, amount of time spent on particular web pages, and the sections/features of our Services you visit/utilize. We’ve designed our Services so that the information collected from End Users is anonymous information that does not personally identify an End User but may be helpful for improving an End User’s experience in connection with our Services and/or for marketing purposes.

In general, when you visit our Site or otherwise utilize our Services you remain anonymous. That said, certain aspects of our Services, whether deployed by others or by us, may require that you register or log in before you are permitted to access certain areas, tools, features and the like. In such cases, the information you will likely be asked to provide (and that is collected by us) may be more personal in nature. In those cases, personal information, such as an End User’s name, address, contact information and other personally-identifiable information (“Personal Information” or “Personal Data”) may be collected from you and stored in our databases, typically when you register to the Site, request support enter into a sales promotion or otherwise interact with us (for example through the “contact us” option). It should be made clear that you have no legal obligation to provide us with any Personal Data and the submission of such information is entirely subject to your sole discretion and consent. However, if you will not provide us with the required information, we may not be able to provide you with the information/services requested by you.

We may also collect statistical and other data related to your use of our Services as well as information on Services usage patterns. This information is collected and used as anonymous, aggregated, non-individually identifiable information.

The Glassbox app use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

How we use information

Our Services allows us to use aggregated and anonymous information which does not identify individual End Users. This information is often used for analyzing trends, administering and improving services, and to gather demographic information about our End User base as a whole. There are also times when we will combine such information with additional non-personal or de-identified information that we obtain from other companies in order for us to gain broader market insights. We typically analyze this information and organize it into user groups and audiences, based on factors such as age, gender, geography, interests and online actions. This is often referred to as Interest-Based Advertising. To enable the foregoing, the GLASSBOX Solutions use technology including browser cookies, device identifiers, and other similar technologies to recognize a particular browser or device over time, to predict possible relationships among different browsers and devices and to then relay this information to our system.

We also compile and store data and information and generate reports related to our End Users’ access to and use of our Services.

To the extent required under applicable data processing laws and regulations, any Personal Data that we collect will be stored in our database and will be used in accordance with such applicable laws and regulations.

Any data processing performed by any third party with whom we have provided End User information (either Personal Data or non-Personal Data) will, if and when required by law, be governed by a binding agreement in the form mandated by applicable by law, preserving End Users’ statutory data protection rights.

GLASSBOX retains the End User data described above which is collected through our GLASSBOX Solutions for up to twenty-four (24) months from the date of its collection (unless the data is required to be held for a longer period by applicable laws and regulations) and solely for the uses expressly provided hereunder.

GLASSBOX may share information internally among its affiliates or with third parties for the purposes described in this Policy. Without limiting the foregoing, some of the reason we might share your information are:

  • To enable you to use our Services, to register and establish an account, and to provide you with ongoing customer service and technical support;
  • To support and enhance our data security measures, including for the purposes of preventing fraud or abusive behavior;
  • To protect and support the legitimate interests of GLASSBOX and any of its affiliates;
  • To protect the safety and well-being and interests of End Users of our Services and any members of the general public; and
  • To comply with any applicable laws and regulations.

Personal Data collected from End Users within the European Economic Area (“EEA”) may, for example, be transferred to countries outside of the EEA for the purposes described in this policy. To do so in a compliant manner, GLASSBOX will only transfer such data if (i) it has the End User’s consent or some other legal basis upon which to rely, (ii) it has in place a data processing agreement/addendum with the intended recipient(s) thereof (which utilizes standard contract clauses approved by the European Commission, as applicable), and (iii) it is otherwise in compliance with all other obligations mandated under European Union law.

For the purpose of providing and operating the Services, we may share Personal Data with trusted third-party service providers that require access to such data. In these instances, we will require that these third parties comply with this Privacy Policy or with privacy policies at least as protective as this Privacy Policy. We may also share your Personal Data if we have your permission to do so. In all cases, GLASSBOX will attempt to limit the information we provide to that which is reasonably sufficient and necessary.

In addition to the foregoing, we expressly reserve the right to disclose or otherwise allow access to your Personal Data pursuant to a legal requirement or a request, such as a subpoena, search warrant or court order, or in compliance with applicable laws and regulations. Such disclosure or access may occur with or without notice to you. We may also disclose the information that we collect where we believe that it is necessary in order to protect the vital interests of any person, or to exercise, establish, or defend our legal rights.

Bottom line, we do not share, distribute, sell or rent any of your Personal Data with/to third parties, except in circumstances expressly described above as well as those other limited situations which are set forth in this Privacy Policy.

Your privacy rights and controlling your personal data

If you wish to access, rectify, erase, restrict, transfer, or object to the use of your information, or if you have any questions in connection with this Privacy Policy or the use of your information, please contact us through one of the methods described below. Further, you can ask us to stop sending you marketing messages at any time by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us directly. Every email sent by or on the behalf of GLASSBOX includes information as to how you can easily unsubscribe from future communications. Subject to applicable law (including without limitation, the California Consumer Privacy Act), you have the following rights in relation to your Personal Data:

  • Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
  • Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your Personal Data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
  • Right to erasure: You may ask us to delete or remove your Personal Data and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion, for example if we are required by law to keep it). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
  • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
  • Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so if we are processing your Personal Data for direct marketing and otherwise. However, if we are relying on a legitimate interest to process your Personal Data and we demonstrate compelling legitimate grounds for the processing we may continue; or
  • Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, which produce a significant legal effect on you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us, or with your explicit consent.
  • Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Your withdrawal of consent will not affect apply to data that was processed prior to our receipt of your withdrawal of consent.
  • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

Exercise your data subject rights under GDPR

We provide you with an easy way to submit us privacy related requests like a request to access or erase your personal data. If you want to make use of your data subject rights, please visit our public privacy landing page here.

If an End User is a California resident, please refer to the section CALIFORNIA PRIVACY RIGHTS

Enterprise clients

From time to time, GLASSBOX may grant its enterprise clients a license or other rights to GLASSBOX’s proprietary software products and solutions (the “GLASSBOX Solutions”). Through their use of these GLASSBOX Solutions and/or through other means, enterprise clients of GLASSBOX may get access to, collect and use: (i) End User non-personally identifiable information; and (ii) End User Personal Data.

The GLASSBOX Solutions enable our enterprise clients to maintain compliance with certain laws and regulations, assist in the fulfilment of certain contractual necessity, assist in identifying issues and improving their website and/or mobile apps and also to deliver more relevant content to consumers across digital channels, including desktop and mobile channels, by gathering data and direct feedback about those End Users’ visits to, and use of, our enterprise clients’ digital properties. These clients have their own policies that govern how they collect, use, and share data, even when such collection and use may be carried out, directly or indirectly, by using our Services from time to time. Please consult the privacy policies of the websites you visit and apps you use to become familiar with their privacy practices.

These clients of GLASSBOX which utilize GLASSBOX’s cloud-based Services to collect End User information will upload and store such information to one of GLASSBOX’s secured cloud servers and will analyze such information via our Services on the cloud which may be located in the EU, US or Asia, subject to our clients choice. In these situations, Glassbox may be considered, both legally and contractually, as the Data Processor or Sub Processor and our applicable client may be considered the Data Controller for the captured End User Personal Data.

We enter into binding agreements with each Enterprise Client that uses our Services, which agreements are intended to comply with all applicable laws and regulations for the processing of their End User data.

By way of clarification, we have no direct relationship with any of our enterprise clients’ individual End Users. Therefore, any such End User of a Glassbox’s client who seeks to correct, amend, delete inaccurate Personal Data, or withdraw consent for further use of his/her Personal Data or to exercise any other right under applicable privacy laws, should direct all queries to the applicable Glassbox client which website and/or mobile apps it uses.

Where we store end user information

End User Information that is collected via our Services (both Personal Data and non-Personal Data) in accordance with the terms set forth in this Privacy Policy, whether such information is collected directly by GLASSBOX or by any of our Enterprise Clients, may be maintained, processed and stored by GLASSBOX and our authorized affiliates and service providers in the United States, in the EU and in any other jurisdiction as deemed strictly necessary for the proper delivery of our Services and/or as may be required by applicable law. While data protection laws differ from jurisdiction to jurisdiction, please know that GLASSBOX is fully committed to keeping and protecting your information in a safe and secure manner based on this Privacy Policy and industry standards.

Social media widgets

Our Services incorporate Social Media features, such as the Facebook Like button. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social Media features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

Business transfers

Information collected from End Users of the GLASSBOX Services, including End User Personal Data, may be transferred as part of or in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our shares or stock and/or assets or other corporate change, including, during the course of any due diligence process. By making available your data through the Services in any manner, you agree that your information may be transferred to third parties under such or similar circumstances.

In addition to the foregoing, we reserve the right, at our sole discretion, to assign this Privacy Policy and/or any rights hereunder, to any third party without providing any prior notice thereof. In the event of any such assignment, the provisions set forth in this Privacy Policy shall fully apply to any successor or assignee, mutatis mutandis.

Cookies

We use session identifiers, web beacons, cookies, JavaScript tags, and other tracking technologies. A cookie is a piece of data stored on an End User’s hard drive containing information about the End User. We use these technologies to enhance the End User experience of our Services, and as a result, these technologies may be deployed by GLASSBOX in any portion of the GLASSBOX Services. Usually an Internet browser is set by default to accept cookies. If an End User rejects the cookie, he/she may still use our Services, though certain features, tools and applications may be disabled or otherwise unavailable. We may also use cookies to track and monitor usage of the Services by End Users for the marketing and quality improvement purposes. Most browsers will allow you to erase cookies from your computer/device hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. We may use JavaScript tags to trigger a sequence of events that includes viewing a first-party cookie (or setting that cookie if it does not already exist) and to help us tailor and optimize our GLASSBOX Services for both our End Users and enterprise clients. For more details on our use of cookies please read our Cookie Policy.

In addition to the foregoing, GLASSBOX reserves the right to use the Google AdWords Remarketing Service (the “Google Service”) for advertising purposes. By using the Google Service, visitors of those sites, apps and other digital properties belonging to GLASSBOX’s Enterprise Clients may see advertisements in third parties’ websites (including, without limitation on Google’s search results page or a site in the Google Display Network). Any data collected by GLASSBOX using the Google Service will be subject to both this Privacy Policy as well as Google’s Privacy Policy.

E-mail communications

At any time, you have the ability to opt out of receiving marketing communications from GLASSBOX, but you may not opt out of administrative emails.

We do not send emails to anyone without a legitimate legal basis to do so, such as to address contractual necessity and legal obligations or on the basis of consent (where consent may have been given to us and/or one of our enterprise clients), and we do not sell or rent email addresses to any unauthorized third party. This does not mean that we can prevent spam from happening on the Internet. If you believe that you have received an unsolicited email from us, please contact us at the e-mail below and we will investigate.

Links

Our Site may have links to the sites of other companies, including those of our enterprise clients. We are not responsible for their privacy practices. We encourage you to learn about the privacy policies of those companies by visiting their respective websites, apps, etc.

AI Usage

This Section serves to notify users about the incorporation of artificial intelligence (AI) on our Glassbox Solution, strategically utilized to elevate user experience and seamlessly integrate chatbot into our Glassbox Solution search capabilities. It is crucial to emphasize that our AI processes are designed in a manner that excludes any involvement with personal data or customer-related information. In strict adherence to the provisions set forth by the General Data Protection Regulation (GDPR), we consistently prioritize and safeguard the privacy rights of our users.

Policy towards children

GLASSBOX does not knowingly collect personal information from minors who are under the age of 16 through its Site and/or the Services. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without the parent’s/guardian’s consent, then he or she should contact GLASSBOX as described hereunder. If we become aware that a child under the age of 16 has provided us with Personal Data, we will delete such information from our files. Further, the Children’s Online Privacy Protection Act (“COPPA”) requires parental consent for collection of data from children younger than the age of 13 years old. For tips on protecting children’s privacy online, generally, please visit the U.S. Federal Trade Commission (“FTC”) website.

Security

We follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and once we receive it. However, due to the nature of Internet communications and evolving technologies, unauthorized entry or use, hardware or software failure, and other factors, the security of End User information may be compromised at any time. No method of transmission over the Internet, or method of electronic storage, is 100% secure.

Therefore, we cannot guarantee the absolute security of Personal Data and disclaim any assurance that such information will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.

California privacy rights

If an End User is a California resident, California Civil Code Section 1798.83(c)(2) permits such individual to request information regarding the disclosure of his/her information by GLASSBOX to third parties for such third parties’ direct marketing purposes. To make such a request, please send us an email to privacy@glassbox.com.

You may also exercise your privacy rights as a California resident by calling our toll free at 1-855-445-2772 and leave us a message with your request or by writing to us to privacy@glassbox.com. Your request must include sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, and that you have the authority to make the request(s) that we’ve received.

Changes and consent to privacy policy

By using our services, whether knowingly or otherwise, and in any manner or capacity, you agree to the terms of this privacy policy. We reserve the right to change the provisions of the privacy policy from time to time, and therefore, you are advised to check back regularly. Your continued use of the services, whether in whole or in part, after any change to the policy has been posted constitutes your acceptance of this privacy policy. If the revised version of this privacy policy includes substantial and material changes, we will provide you with 30 days prior notice via any of the communication means available to us, or by posting notice of the change(s) on our site. After this 30-day notice period expires, all amendments to this privacy policy shall be deemed accepted and effective on both you and Glassbox.

Resolving disputes; communicating with us

We strive to respond to all End User requests as quickly as practicable. If you feel that your request has not been addressed in a timely manner after sending an email to the above-referenced email address, you may send an email directly to our Privacy and Compliance Officer at the following address: oran.biran@glassbox.com.

Although we will endeavor to resolve all disputes arising between an End User and GLASSBOX in an amicable and expeditious manner, End Users may invoke binding arbitration when other dispute resolution procedures have been exhausted. Under those circumstances, GLASSBOX’s exclusive means of resolving individual privacy complaints is through JAMS, an alternative dispute resolution provider. Any such proceedings shall be conducted in JAMS’ NY-based offices (NY Times Building, 620 8th Avenue, New York, NY 10018). Judgement on the award rendered in any such arbitration may be entered in any court having jurisdiction.

Last updated: May 2022

See also: