Last modified: Feb 15, 2022
TABLE OF CONTENTS
- Addendum for Users in California
- GDPR Addendum for Users in the European Union (EU), European
Economic Area (EEA), the United Kingdom (UK) and Switzerland
- Information We Collect From You
- Information You Voluntarily Provide Us
- Information We Collect about your Usage and Devices
- Information We Acquire from Social Media
- Information We Acquire from Other Sources
- Information we acquire when you purchase Domain Registration Services
- Sharing within the Constant Contact Corporate Family
- Sharing with Partners
- Sharing with Third Party Service Providers and Vendors
- Sharing with your Organization
- Corporate Reorganizations
- Authorized Users
- Legal Process
- Disclosure of Domain Name Information
- Residents of California
- Residents of the EU, EEA and UK
- Third Party Links and Information Collection and Use by Our Users
- Refer A Friend
- Data Transfers and Privacy Shield
- Notification of Changes
- Contact Us and Complaints
Constant Contact, Inc. (together with its subsidiaries, “Constant Contact”, “us” or “we”) is a leading provider of online tools for small and medium businesses, nonprofits, and other organizations to connect with their contacts or customers through email marketing, social media, websites and more. We refer to the products and services that are ordered by our customers and made available online by Constant Contact, as described at https://www.constantcontact.com, as the “Services.”
Our Services help our customers provide timely and relevant marketing and communications on a cross-media basis. Our clients can upload contact lists and use our platform to reach their customers and others, for instance, through email and other channels. Personal information and other data submitted by or on behalf of a customer to the Services, including contact lists (which may include email addresses and other information for a customer’s contacts) and content (including the content of a customer’s campaigns) (collectively, “Customer Data”), belongs to and is controlled by our customers. Constant Contact does not process Customer Data except as provided in our online user agreements with our customers, available here. We are not responsible for the privacy or data security practices of our Customers, including with respect to the personal information they collect or upload to our Services.
INFORMATION COVERED BY THIS PRIVACY NOTICE
This privacy notice and our Cookie Notice collectively provide details about our practices relating to personal information collected from or about visitors to our websites, our customers, and others (collectively, our “Users” or “you”). It describes how your personal information is collected, used and shared by us in the course of operating our website and our business.
The Customer Data that we handle on behalf of our customers is not collected on our website, but rather through our customers’ independent use of our platform. For example, our customers may use our platform to encourage their contacts to sign up for their email lists. Emails sent from the Constant Contact platform include single pixel gifs, also known as web beacons, which contain unique identifiers that enable us and our customers to recognize when their contacts have opened an email or clicked certain links. These technologies record each contact’s email address, IP address, date, and time associated with each open and click for an email campaign. We use this data at our customers’ direction to create reports for our customers about how an email campaign performed and what actions their contacts took and to analyze, customize and enhance our customers’ communications and strategies. For more information about how we process Customer Data, please review our Customer Contact Data Notice.
This privacy notice only applies to our Users’ personal information. It does not apply to any of our customers’ contacts’ personal information included in the Customer Data. When we receive our customers’ contacts’ personal information from our customers, we are acting in the role of a processor or service provider, including when we offer to our customers various products and services through which our customers (or their affiliates): (i) create their own websites and applications running on our platforms; (ii) sell or offer their own products and services; (iii) send electronic communications to their contacts through our Services; or (iv) otherwise collect, use, share or process personal information via our Services.
In addition to this privacy notice, the following addenda related to individuals in certain locations also apply to your purchase or use of those Services where applicable. These addenda are a part of this privacy notice:
- Addendum for Users in California
- GDPR Addendum for Users in the European Union (EU), European Economic Area (EEA), the United Kingdom (UK) and Switzerland
INFORMATION WE COLLECT FROM YOU
In the course of your visits to our website, and/or your purchase, registration, or use of the Services, we obtain the information about you described below. We collect this data for the purposes described under “How We Use Your Information”.
INFORMATION YOU PROVIDE TO US
We collect the following information from you when you provide it to us:
- Information you provide prior to any registration process, such as your contact information when you provide it to us on any web form or to sign up for a webinar or other service offered by us;
- Information that you provide during any registration process, including in connection with a co-branded offer (such as your name, company name, email address, phone number, billing address or credit card information, geographic location and industry);
- Information you provide, when you call or email us (for support or otherwise) or when you use our products or services;
- Payment information, including credit card data that you provide to us (by way of our Services or otherwise) when you purchase some of our products and services;
- Information you provide to us at trade shows, meetings, or other events;
- Information you provide to us at seminars or webinars; and
- Information you provide to us in surveys.
We also obtain information that is provided by you on our public forums, including the Constant Contact Community and Constant Contact Marketplace. With your consent, we may also obtain and post testimonials or reviews for inclusion on our websites or elsewhere. Your posts may remain even after you suspend or cancel your account. Reviews and contributions to any of our public communities are considered public and non-confidential by us and are not treated as proprietary information or personal information covered by this privacy notice. To request removal of your personal information on our public forums or on the public portions of our websites, please send an email to firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
We also collect information that you may provide during your telephone conversations with us, which we may monitor or record.
INFORMATION WE COLLECT ABOUT YOUR USAGE AND DEVICES
We collect data relating to your online activity on our websites or Services, including the following:
- IP address;
- Browser type and version;
- Type of device you use, operating system version, and device identifier;
- Geographic location (such as country, state, latitude and longitude);
- Pages you view;
- How you got to our Services and any links you click on to leave our Services;
- When you update your information, communicate with us, or order new Services;
- Metadata and user behavioral metrics about your use of our Services and emails we send to you (including clicks and opens);
- Metadata about how your customers, contacts, and users interact with the Services we provide you;
- Your interactions with any videos we offer;
- Issues you encounter requiring our support or assistance; and
- Any device or other method of communication you use to interact with the Services.
For more information about cookies and other tracking technologies, please review our Cookie Notice.
INFORMATION WE ACQUIRE FROM SOCIAL MEDIA
- We collect information from third party social networking sites, including information that they provide to us if you use your credentials at such social networking sites to log into some of our Services (such as your name and email address to pre-populate our sign-up form).
- The information you allow us to access varies by social networking site, and depends on the level of privacy settings you have in place at the social networking site. You can control and find out more about these privacy settings at the applicable social networking site.
INFORMATION WE ACQUIRE FROM OTHER SOURCES
We also collect the following information from other sources:
- Information you provide to our partners or affiliates;
- Information that is publicly available;
- Information you consent to us receiving from third parties; and
- Information we obtain from third party data providers.
We also collect information that you may provide during your telephone conversations with us, which we may monitor or record.
We may combine any information we collect about you with other information we have about you to help us update, expand and analyze our records, identify new customers, and suggest products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
INFORMATION WE ACQUIRE WHEN YOU PURCHASE DOMAIN REGISTRATION SERVICES
If you purchase domain registration services from us for top-level domains (“TLDs”), as the domain registrar, we are required to collect additional personal information from you, as further described in our Domain Privacy Addendum.
HOW WE USE YOUR INFORMATION
We use the information we collect, both on its own and combined with any other information we collect about you as discussed above, for the following business and commercial purposes:
- To provide the requested Services to you;
- To provide you with useful content;
- To ensure the proper functioning of our Services;
- To offer, operate, evaluate and improve our Services and our business;
- To provide you with requested information or technical support;
- To facilitate your movement through our websites or your use of our Services;
- To do a better job of advertising and marketing our Services (subject to your consent where required by applicable law);
- To advertise and market third party products and services (subject to your consent where required by applicable law);
- To diagnose problems with our servers or our Services;
- In connection with our security and compliance programs;
- To administer our websites;
- To communicate with you;
- To target current or prospective customers with our products or services through online advertisements served on third-party sites by third-party vendors, such as Google (subject to your consent where required by applicable law);
- To assist us in offering you a personalized experience or otherwise tailor our Services to you (for example, in order to provide you with specific resources applicable to your industry); and
- As otherwise described in this privacy notice.
We also use the information we receive to produce reports on trends and statistics, such as mobile search trends, email open rates by industry, campaign best practices or the number of users that have been exposed to, or clicked on, our websites or evaluated or purchased our products or services.
Payment information that you provide to us, including credit card data, will only be used to facilitate payment for the Services.
We also use recorded telephone conversations for quality control purposes, to train our employees and for our records.
SHARING OF INFORMATION
As further described below, we will only share certain personal information with:
- Other members of the Constant Contact corporate family;
- Our partners;
- Third party service providers and vendors;
- In connection with a sale, merger, acquisition or corporate reorganization;
- Authorized users within your organization; and
- Legal or regulatory authorities and other relevant third parties for legal reasons.
SHARING WITHIN THE CONSTANT CONTACT CORPORATE FAMILY
We occasionally share business contact or other information about our customers with other members of the Constant Contact corporate family to improve our products and services and so that we may better provide you with information about our offers, services or products that may be of interest to you. The Constant Contact corporate family includes affiliates that directly or indirectly control, are controlled by, or are under common control with Constant Contact. Any such corporate affiliate may use your information only according to the terms of this privacy notice. If you are located in a jurisdiction where such sharing requires your permission, we will only do so with your consent.
SHARING WITH PARTNERS
The information we share with our partners includes your name, email address and other information enabling our partners to assist you in using our Services.
If you are located in a jurisdiction where such sharing requires your permission, we will only do so with your consent. Please note that if you access our services through a tool that hides your location, such as through a virtual private network, you may not receive our request for permission because we were not able to identify you as being located in a jurisdiction where your permission is required.
Further, our partners are prohibited from using your contact information for any purpose beyond those set forth above without your consent. We will not provide our partners with your credit card information. If you are working with a partner, such as a Constant Contact Solution Provider, and would like that partner to have full access to your account, including the ability to send emails on your behalf, we will provide access to just that partner upon your request or consent.
In the event we collect information from you in connection with an offer that is jointly presented by us and a partner, we will let you know who is collecting the information and whose privacy notice applies, as well as any options you may have regarding use of your information.
SHARING WITH SERVICE PROVIDERS AND VENDORS
Occasionally, we enter into contracts with carefully selected service providers to assist us in servicing you or to assist us in our own marketing and advertising activities. The categories of service providers we share your personal information with include:
- Cloud hosting services;
- Analytics services;
- Marketing and advertising services;
- Advertising networks;
- Customer relationship management services;
- Customer support services;
- Software services;
- E-commerce services;
- Professional services;
- Fraud detection and deterrence services;
- Storage services;
- Search engine optimization services; and
- Information technology services.
SHARING WITH YOUR ORGANIZATION
If you created an account with an email address assigned to you as an employee, contractor, or member of an organization, we may provide that organization with certain limited information about your account, including your email address or the organization name you provided us with, upon the organization’s request.
We will disclose and transfer your information to third parties in the event that we:
- sell, buy, transfer, merge, consolidate or reorganize any part(s) of our business, or merge with, acquire, or are acquired by, or form a joint venture or partnership with, any other business, in which case we may disclose your data to any prospective buyer, new owner, or other third party involved with such change to our business; or
- sell, buy or transfer any business or assets (whether as a result of liquidation, bankruptcy or otherwise), in which case we will disclose your data to the prospective seller or buyer of such business or assets.
We will notify you by email and/or a prominent notice on our website of any such transfer and any choices you may have regarding your information.
All users authorized by you to have access to your account can view personal information stored in the account. A primary account holder can view personal information saved in subaccounts to which they have authorized access. We share information about authorized users only for legitimate purposes consistent with this privacy notice, including servicing your account and marketing products and services to you.
If legally required to do so, or if we have a good faith belief that such disclosure is reasonably necessary, we may disclose your personal information to courts of law, public authorities (including to meet national security or law enforcement requirements), and other relevant third parties, such as internet service providers, to conduct an investigation, respond to a third party or law enforcement subpoena or court order, to bring legal action, prevent harm to others or pursue other relief when you or a third party are or may be:
- Violating our terms and conditions of use;
- Causing injury or other harm to, or otherwise violating the property or other legal rights, of us, other users, or third parties; or
- Violating federal, state, local, or other applicable law.
DISCLOSURE OF DOMAIN NAME INFORMATION
If you purchase domain registration services from us, we will disclose certain personal information as further described in our Domain Privacy Addendum.
The transmission of information via the internet, email or text message is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted through the Services or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organizational measures to safeguard your personal information against loss, theft and unauthorized use, access or modification.
When we collect financial account information, such as credit card numbers, we protect its transmission through the use of encryption such as the Transport Layer Security (TLS) protocol.
TRACKING TECHNOLOGIES AND ONLINE ADVERTISING
Our service providers and vendors may also use Tracking Technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here or click here to opt out of interest-based advertising on your mobile device. Please note you will continue to receive generic ads.
MARKETING COMMUNICATIONS FROM US
You always have the opportunity to opt out of our marketing communications with you or change your preferences by following a link in the footer of all non-transactional email messages from us or by emailing us at email@example.com. Some communications from us are considered transactional or service communications (for example, important account notifications and billing information). You agree to receive these transactional and service communications as a condition of the Services that we provide to you. You must cancel your accounts for all Services if you do not wish to receive any transactional or service communications from us. To cancel your account, please contact customer support. You may still receive marketing communications from us even after you cancel your account unless you also opt-out of our marketing communications, as described above.
If you do not want to receive marketing calls by phone, you may contact customer support and indicate your preference to us. Note that we may use automated dialing technology to place marketing calls. In the event we do use such technology for marketing calls, we will do so with your consent as required to comply with applicable law. You do not need to agree to receive automated marketing phone calls or texts from us in order to use the Services.
For information about how to manage and opt out from cookies, please visit our Cookie Notice.
INFORMATION FROM THIRD PARTIES
To manage the information we receive about you from a social networking site or other third party (for example, if you link your Constant Contact and Facebook accounts), you will need to follow the instructions from that party for updating your information and changing your privacy settings, where available. The information we collect is covered by this privacy notice and the information the third party collects is subject to such third party’s privacy practices. Privacy choices you have made on any third party site will not apply to our use of the information we have collected directly through our Services.
If an account or profile was created without your knowledge or authorization, please contact customer support to request removal of the account or profile.
RETENTION OF PERSONAL INFORMATION
We retain your personal information to provide services to you and as otherwise necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We will retain your personal information for no more than seven years following the later of (i) the date on which you terminate your use of the Services or (ii) May 25, 2018, unless we are otherwise required by law or regulation to retain your personal information for longer.
YOUR RIGHT TO CONTROL HOW YOUR PERSONAL INFORMATION IS USED
You have the right to make requests regarding your personal information. You can:
- Request access to personal information held about you;
- Ask us to update or correct personal information if it is inaccurate;
- Request deletion of personal information held about you;
- Request that we transfer some or all of your personal information to you or a third party (whenever it is technically feasible to do so);
- Make choices about receiving marketing communications; and
- Withdraw your consent to process your personal information at any time in circumstances where we are relying on your consent as our basis for processing.
To exercise any of your rights, please send an email to firstname.lastname@example.org or visit our Privacy Center.
In addition to the rights above, residents of California, the EU, EEA and the UK have further rights which are detailed below. Please note that some rights only apply in certain circumstances or to certain information and some exceptions may apply.
We will require you to verify your identity before responding to any requests to exercise your rights.
RESIDENTS OF CALIFORNIA
In addition to the rights outlined above, where the CCPA or related data protection laws apply, you may:
- Request to know the categories of personal information we collect about you, as well as the sources from which the personal information is collected; the business or commercial purpose of our collection; the categories of third parties with whom we share your personal information; and the specific pieces of personal information we hold about you.
- Request certain information regarding, and/or opt-out of, our disclosure of your personal information to third parties.
- Request that we delete the personal information we hold about you in certain limited circumstances.
For more information about your California privacy rights, please review this Addendum for California Users.
RESIDENTS OF THE EU, EEA, UK and Switzerland
In addition to the rights outlined above, where the GDPR or related data protection laws apply, you may:
- Ask whether we process personal information about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
- Request that we delete the personal information we hold about you in certain limited circumstances.
- Request that we stop processing the personal information we hold about you.
- Request that your personal data be provided to you or another organization in a structured, commonly used and machine-readable format, in certain limited circumstances.
- Object to our processing of data about you, including in relation to processing your personal data for marketing purposes.
For more information about your privacy rights under the GDPR, please review this GDPR Addendum.
THIRD PARTY LINKS AND INFORMATION COLLECTION AND USE BY OUR USERS
Some of our Services provide links to other websites. Because we do not control the information policies or practices of these third party sites, you should review their privacy policies to learn about how they collect and use personal information.
Single Sign-On – You may also log in to some of our Services using sign-in services such as Facebook Connect or an Open ID provider. These services will authenticate your identity and provide you with the option to share certain personal information with us, such as your name and email address to pre-populate our sign up form. For example, if you take advantage of certain of our social media features, such as the Facebook Like button, and widgets, such as the “Share This” button or interactive mini-programs that run on our site, the applicable social networking sites may collect your IP address, which page you are visiting on our websites, and may set a cookie to enable it to function properly.
REFER A FRIEND
If you choose to use our referral service to tell a friend about our Services, we will ask you for your friend’s email address. We will automatically send your friend a one-time email inviting him or her to visit our website. We retain this information for the sole purpose of sending this one-time email and tracking the success of our referral program. Such referrals may not be permissible in all situations or in all jurisdictions. You acknowledge and agree that you are solely responsible for compliance with any applicable laws in this regard including, if applicable, seeking consent from your friend. Your friend may contact us at email@example.com to request that we remove this information from our database.
Data Transfers and Privacy Shield
Although not currently relied upon as a legal basis for transfer, Constant Contact participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. For more information about international data transfers or our participation in Privacy Shield or, please review the Data Transfers section in this GDPR Addendum.
Our Services are not directed to persons under 18. We do not knowingly collect personal information from minors under 18. If you are a parent or guardian of such a child and become aware that your child has provided personal information to us, please contact us as described in this privacy notice and we will take reasonable steps immediately to remove any such information.
NOTIFICATION OF CHANGES
We reserve the right to modify this privacy notice at any time, so please review it frequently. If we decide to change this privacy notice in any material way, we will notify you here, by email, or by means of a notice on our website. In all cases, your continued use of any Services constitutes acceptance to any such changes.
CONTACT US AND COMPLAINTS
If you have any questions about this privacy notice or our data handling practices, or you wish to make a complaint, you may contact us at firstname.lastname@example.org or by regular mail at:
Data Protection Officer
Constant Contact, Inc.
1601 Trapelo Road
Waltham, MA 02451