Customer Privacy Notice
This Privacy Notice is applicable to you as a Cision customer using one of Cision's customer facing platforms (including but not limited to Cision Communications Cloud, MyGorkana, CPRE, or Cision Point Global). These platforms provide you with access to our media database and to our other products and services. We are committed to inform about how we handle your personal data, to give you control over how it is used, and to protect it. Here you will find details about the information we have about you, how and why we collect it, how we use it, and how we keep it secure. This Privacy Notice also tells you about your rights, how you can exercise those rights, and how the law protects you.
Cision is a global communications group of companies that enables our customers to identify and connect with influencers, distribute meaningful marketing communications to those influencers, and measure the impact of those communications. Our products and services operate under a number of different brands, including Cision, Gorkana, PR Newswire, Hors Antenne, Data Presse, Cision SA, CEDROM, Profnet, HARO and Prime. Details about the products and services can be found at www.cision.com
Cision Ltd. is the data controller responsible for your personal data (collectively referred to as Cision, "we", "us", or "our" in this Privacy Notice).
Our full contact details:
12051 Indian Creek Court
Beltsville, MD 20705
If at any time you have any questions about this Privacy Notice or the way we use your personal data please contact us at Privacy@cision.com.
The data we collect about you
We collect the information that is necessary to conduct our business, to provide the services you have requested and to keep you informed. We may also use the information you provide to communicate with you about our products and services. We may share your information with third parties in order to append additional data about your company and your role within it.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data: including first name, maiden name, last name, username or similar identifier, title, date of birth and gender.
- Contact Data: including billing address, delivery address, email address, and telephone numbers.
- Financial Data: including bank account and payment card details (we only use this data for payment processing purposes).
- Transaction Data: including details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data: including internet protocol (IP) address, your login data, traffic data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other communication data which gives us about how you accessed our website.
- Profile Data: including your username and password, purchases or orders made by you, (your interests, preferences, feedback and survey responses).
- Usage Data: including information about how you use our website, products and services.
- Marketing and Communications Data: including your preferences in receiving marketing from us (and our third parties) and your communication preferences.
We do not hold any "special category" data about you (such as data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union memberships, data about your health and genetic and biometric data).
Third party data that you provide to us
In the course of using our services you may also provide us with personal information about third parties, in particular information regarding influencers that we do not hold in our media database and which you may ask us to process on your behalf (for example through our 'Private List' functionality).
How is your personal data collected?
Generally, we collect personal information related to you, your employees, and your representatives when you decide to interact with us, or subscribe to one of our products or services (including but not limited to Cision Communications Cloud, MyGorkana, CPRE, or Cision Point Global) or express an interest in them. We also look at how you interact with our websites so that we can offer you the best possible experience.
Data collection methodology includes:
- Direct interactions: you may give us personal information by filling in forms or by corresponding with us by mail, phone, email, in person at events, as part of our contractual arrangement with you, by inputting that data into one of our customer facing platforms, or otherwise. This includes personal data you provide when you order or express an interest in our products or services; subscribe to our services or publications; request marketing to be sent to you; enter a competition, promotion or survey; or give us some feedback.
- Automated technologies or interactions: as you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
- Telephone or product demonstration conversations which may be recorded by us to help us improve our training and quality
- Third parties or publicly available sources: we may receive personal data about you from various third parties and public sources including: social media platforms, our own corporate prospect/customer databases or online research referrals.
How we use your personal data
- To verify your identify and entitlements to our products and services when you contact us or access our services.
- To protect you from fraud prevention and detection.
- To supply services to you and manage your subscriptions.
- To send statements and invoices to you, and collect payments from you.
- To provide commercial quotes to you.
- For statistical analysis (e.g. on the use of our websites).
- To operate and improve our websites and services.
- To supply services to you and manage your subscriptions.
- To notify you of any changes to our websites or our services and products which may affect you.
- To provide you with technical and customer support.
- To ask your opinion or feedback on our services or industry questions.
- To ensure seamless access to all of our applications to which you have subscribed.
- To enforce our legal rights or comply with legal requirements.
- To provide improved website and product experience and communications informed by your product subscriptions and/or data collected.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where we need to comply with a legal or regulatory obligation.
- Where it is in our legitimate interests, including our commercial interests in operating the Cision customer facing platforms, and providing you with access to our Media Database. We make sure that we consider and balance any potential negative impact on you and your rights before we process your personal data.
Cision emails may contain a small, invisible, one pixel image which can be used to let us know when the email is opened or forwarded. If the email recipient has images enabled on their device, when the email is opened, a message (an automatic request) is sent to Cision’s server requesting the image. That request is logged by Cision and tells us that the email has been opened. A similar process may be used in relation to links or attachments in the email, with a request being sent to Cision for the content that is accessible via the links or attachments, thus telling Cision that the link or attachment has been accessed.
How we share your personal data
We may share your personal data with companies within the Cision Ltd. and other parties detailed below. We may also transfer your personal data outside of the European Economic Area (EEA), but only when specific safeguards have been put in place in order to protect your personal data.
We may share your personal data with one or all of the following:
- Internal Third Parties: these include other companies within the Cision Ltd. such as Cision, Gorkana, PR Newswire, Hors Antenne, Data Presse, Cision SA, CEDROM, Profnet, HARO and Prime.
External Third Parties may include:
- Suppliers who we engage to provide services on our behalf, for example payment processors and marketing services companies. These companies are based in EU and North America.
- Professional advisors including lawyers, accountants and insurers where necessary to enable them to provide their services to us.
- Authorities who require reporting of processing activities in certain circumstances.
We may also share your personal data with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with contractual obligations which ensure adequate protection for your personal data.
We may share your personal data with entities within the Cision Ltd. and into marketing systems used by the Cision Ltd. Given that we are an international organization with our headquarters in the U.S., this may involve transferring your personal data outside of the European Economic Area (EEA). Some of the third parties to whom we transfer your personal data are also based outside of the EEA, so their processing of your personal data will likewise involve a transfer outside the EEA. Where your personal data is transferred outside of the EEA we will use specific contracts approved by the European Commission giving your personal data the same protection as it has in the EU.
How we protect your personal data?
We are committed to protecting your personal data. We put in place safeguards including appropriate technologies, policies, and contractual arrangements, so that the data we have about you is protected from unauthorized access and improper use, and we will not keep your personal data for longer than necessary.
The safeguards we have put in place to protect your personal data include:
How long will we use your personal data?
We will keep your personal data only for as long as is necessary for the purposes set out in this privacy notice and to fulfill our legal obligations. We will not keep more data than we need. While you remain a customer we shall retain your data in order to keep providing services to you. If you do not wish to use Cision's services we will keep your personal data for a period of 24 months before deleting it. We are required to keep some basic information about our customers for a longer period in accordance with applicable tax laws. In some circumstances you can ask us to delete your data by submitting a Data Subject Request.
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, and the right to object.
Under EU data protection laws you have a number of rights in relation to your personal data. These rights are not absolute – in some cases they will not apply to you, or to the particular use that we are making of your data. There are exceptions, for example if we have to process the data to comply with our own legal obligations; if that is the case we will let you know.
Your rights include:
- Access to your personal information (by what is commonly known as a "data subject access request").
- Require us to correct any mistakes in your information which we hold.
- Require the deletion of personal information concerning you in certain situations by submitting a Data Subject Request.
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit that data to a third party in certain situations.
- Object at any time to processing of personal information concerning you for direct marketing.
- Object to decisions being taken by automated means (including profiling) which produce legal effects concerning you.
- Object in certain other situations to our continued processing of your personal information.
- Otherwise restrict our processing of your personal information in certain circumstances.
For further information on each of these rights, including the circumstances in which they apply, See the guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the General Data Protection Regulation.
You also have the right to take your concerns at any time to the Data Commissioner's Office (ICO, the UK supervisory authority for data protection issues (www.ico.org.uk).