Customer Privacy Notice
This Privacy Notice is applicable to you as a Cision customer using one of Cision's customer facing platforms (including but not limited to Cision Communications Cloud, Falcon.io, MyGorkana, CPRE, or Cision Point Global). These platforms provide you with access to our media database and to our other products and services. We are committed to inform about how we handle your personal data, to give you control over how it is used, and to protect it. Here you will find details about the information we have about you, how and why we collect it, how we use it, and how we keep it secure. This Privacy Notice also tells you about your rights, how you can exercise those rights, and how the law protects you.
Cision is a global communications group of companies that enables our customers to identify and connect with influencers, distribute meaningful marketing communications to those influencers, and measure the impact of those communications. Our products and services operate under a number of different brands, including Cision, Gorkana, PR Newswire, Falcon.io, Hors Antenne, Data Presse, Cision SA, CEDROM, Profnet, HARO and Prime. Details about the products and services can be found at www.cision.com
Cision Ltd. is the data controller responsible for your personal data (collectively referred to as Cision, "we", "us", or "our" in this Privacy Notice).
Our full contact details:
12051 Indian Creek Court
Beltsville, MD 20705
If at any time you have any questions about this Privacy Notice or the way we use your personal data please contact us at Privacy@cision.com.
The data we collect about you
We collect the information that is necessary to conduct our business, to provide the services you have requested and to keep you informed. We may also use the information you provide to communicate with you about our products and services. We may share your information with third parties in order to append additional data about your company and your role within it.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data: including first name, maiden name, last name, username or similar identifier, title, date of birth and gender.
- Contact Data: including billing address, delivery address, email address, and telephone numbers.
- Financial Data: including bank account and payment card details (we only use this data for payment processing purposes).
- Transaction Data: including details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data: including internet protocol (IP) address, your login data, traffic data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other communication data which gives us about how you accessed our website.
- Profile Data: including your username and password, purchases or orders made by you, (your interests, preferences, feedback and survey responses).
- Usage Data: including information about how you use our website, products and services.
- Marketing and Communications Data: including your preferences in receiving marketing from us (and our third parties) and your communication preferences.
We do not hold any "special category" data about you (such as data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union memberships, data about your health and genetic and biometric data).
Third party data that you provide to us
In the course of using our services you may also provide us with personal information about third parties, in particular information regarding influencers that we do not hold in our media database and which you may ask us to process on your behalf (for example through our 'Private List' functionality).
How is your personal data collected?
Generally, we collect personal information related to you, your employees, and your representatives when you decide to interact with us, or subscribe to one of our products or services (including but not limited to Cision Communications Cloud, MyGorkana, CPRE, or Cision Point Global) or express an interest in them. We also look at how you interact with our websites so that we can offer you the best possible experience.
Data collection methodology includes:
- Direct interactions: you may give us personal information by filling in forms or by corresponding with us by mail, phone, email, in person at events, as part of our contractual arrangement with you, by inputting that data into one of our customer facing platforms, or otherwise. This includes personal data you provide when you order or express an interest in our products or services; subscribe to our services or publications; request marketing to be sent to you; enter a competition, promotion or survey; or give us some feedback.
- Automated technologies or interactions: as you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
- Electronic surveys, telephone or product demonstration video calls with you which we may monitor, record and store for quality control, staff training or product development purposes, as it is in our legitimate interests.
- Third parties or publicly available sources: we may receive personal data about you from various third parties and public sources including: social media platforms, our own corporate prospect/customer databases or online research referrals.
How we use your personal data
- To verify your identify and entitlements to our products and services when you contact us or access our services.
- To protect you from fraud prevention and detection.
- To supply services to you and manage your subscriptions.
- To send statements and invoices to you, and collect payments from you.
- To provide commercial quotes to you.
- For statistical analysis (e.g. on the use of our websites).
- To operate and improve our websites and services.
- To supply services to you and manage your subscriptions.
- To notify you of any changes to our websites or our services and products which may affect you.
- To provide you with technical and customer support.
- To ask your opinion or feedback on our services or industry questions.
- To ensure seamless access to all of our applications to which you have subscribed.
- To enforce our legal rights or comply with legal requirements.
- To provide improved website and product experience and communications informed by your product subscriptions and/or data collected.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where we need to comply with a legal or regulatory obligation.
- Where it is in our legitimate interests, including our commercial interests in operating the Cision customer facing platforms, and providing you with access to our Media Database. We make sure that we consider and balance any potential negative impact on you and your rights before we process your personal data.
How we use your personal data via API with Google Gmail
If you are a customer user using the email integration feature, Cision will use your personal data in accordance with the below:
- Cision will only use your personal data to provide or improve your use of the email integration functionality within Cision’s platform. We will not use your personal data for any other purpose.
- Cision will only transfer your personal data to a third-party, Nylas, as it is necessary to provide or improve user-facing features that are prominent in Cision’s requesting application's user interface. Cision may also transfer personal data as necessary to comply with applicable law or as part of a merger, acquisition, or sale of assets with notice to users. Cision will not engage in any other transfers or sales of your personal data.
- Cision will not use or transfer your personal data for serving ads, including retargeting, personalized, or interest-based advertising.
- By default Cision is unable to view your integrated email personal data unless:
- Cision first obtains your affirmative agreement to access your email and personal data for purposes of providing its service and providing service support;
- Cision first obtains your affirmative agreement to access your email and personal data if it is necessary for security purposes (such as investigating a bug or abuse);
- It is necessary for Cision to comply with applicable law; or
- Cision’s use is limited to internal operations and the data (including derivations) have been aggregated and anonymized.
- Cision's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy including the Limited Use requirements.
Cision emails may contain a small, invisible, one pixel image which can be used to let us know when the email is opened or forwarded. If the email recipient has images enabled on their device, when the email is opened, a message (an automatic request) is sent to Cision’s server requesting the image. That request is logged by Cision and tells us that the email has been opened. A similar process may be used in relation to links or attachments in the email, with a request being sent to Cision for the content that is accessible via the links or attachments, thus telling Cision that the link or attachment has been accessed.
How we share your personal data
We may share your personal data with companies within the Cision Ltd. and other parties detailed below. We may also transfer your personal data outside of the European Economic Area (EEA), but only when specific safeguards have been put in place in order to protect your personal data.
We may share your personal data with one or all of the following:
- Internal Third Parties: these include other companies within the Cision Ltd. such as Cision, Gorkana, PR Newswire, Hors Antenne, Data Presse, Cision SA, CEDROM, Profnet, HARO and Prime.
External Third Parties may include:
- Suppliers who we engage to provide services on our behalf, for example payment processors and marketing services companies. These companies are based in EU and North America.
- Professional advisors including lawyers, accountants and insurers where necessary to enable them to provide their services to us.
- Authorities who require reporting of processing activities in certain circumstances.
We may also share your personal data with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with contractual obligations which ensure adequate protection for your personal data.
We may share your personal data with entities within the Cision Ltd. and into marketing systems used by the Cision Ltd. Given that we are an international organization with our headquarters in the U.S., this may involve transferring your personal data outside of the European Economic Area (EEA). Some of the third parties to whom we transfer your personal data are also based outside of the EEA, so their processing of your personal data will likewise involve a transfer outside the EEA. Where your personal data is transferred outside of the EEA we will use specific contracts approved by the European Commission giving your personal data the same protection as it has in the EU.
How we protect your personal data?
We are committed to protecting your personal data. We put in place safeguards including appropriate technologies, policies, and contractual arrangements, so that the data we have about you is protected from unauthorized access and improper use, and we will not keep your personal data for longer than necessary.
The safeguards we have put in place to protect your personal data include:
How long will we use your personal data?
While you remain a customer we shall retain your data in order to keep providing services to you and, following expiration or termination of your contract with us, shall erase your personal data in accordance with the time period specified in our contract with you. Otherwise, if you do not wish to use Cision's services again, we will keep your personal data for a period of 24 months before erasing it.
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, and the right to object.
Under EU data protection laws you have a number of rights in relation to your personal data. These rights are not absolute – in some cases they will not apply to you, or to the particular use that we are making of your data. There are exceptions, for example if we have to process the data to comply with our own legal obligations; if that is the case we will let you know.
Your rights include:
- Access to your personal information (by what is commonly known as a "data subject access request").
- Require us to correct any mistakes in your information which we hold.
- Require the deletion of personal information concerning you in certain situations by submitting a Data Subject Request.
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit that data to a third party in certain situations.
- Object at any time to processing of personal information concerning you for direct marketing.
- Object to decisions being taken by automated means (including profiling) which produce legal effects concerning you.
- Object in certain other situations to our continued processing of your personal information.
- Otherwise restrict our processing of your personal information in certain circumstances.
For further information on each of these rights, including the circumstances in which they apply, See the guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the General Data Protection Regulation.
You also have the right to take your concerns at any time to the Data Commissioner's Office (ICO, the UK supervisory authority for data protection issues (www.ico.org.uk).
LAST UPDATED: 26th JUNE 2020