Skip to Main Content

The Scope of this Privacy Policy

This Privacy Policy describes the policies that govern how Civis Analytics, Inc. (“Civis” or “we”) collects, uses, shares, and processes personal data. Our Privacy Policy applies to personal data about identified or identifiable individuals. It doesn’t cover information that is aggregated, anonymous, or does not otherwise identify individuals.

Much of the data that Civis processes comes from our clients and from various public sources. Our clients’ data is the sole property of our clients, and the rights we have in our clients’ data are the rights that they grant to us. We do not often collect personal data from individuals directly; rather we apply our data science methods to existing data sets from a variety of sources. When we process data on behalf of others, we use and share that data at our clients’ request. Such personal data is subject to the privacy policies of the entity that collected or shared the data with us.

Other personal data that we process may come from public sources. When we process such data, we do so in a manner that is consistent with the restrictions placed on that data by the entity that released it and in accordance with applicable data privacy laws. Additional personal data may be licensed from private sources. When we process such data, we do it in a manner that is consistent with the restrictions placed on that data by the entity that licensed it to us and in accordance with applicable data privacy laws. Such public and private data is subject to the terms of use and privacy policies of the entities that released the data or licensed the data to us. In those cases where Civis determines the purposes and means of the processing of personal data, Civis acts as the controller for that information.

The Information We Collect About Individuals

We collect information about you in the following ways:

Directly From You. This might include information that falls within the following categories: (i) identifiers, such as your name, email address, mailing address, (ii) individual characteristics, such as age and gender (iii) professional information, (iv) commercial information, and (v) any other information you provide to us through forms you fill out or when you contact us. We may collect additional information about you when you respond to our surveys, provide us with data, or in other circumstances described in this Privacy Policy.

From Third Parties. This may include information about you that we license from private sources, obtain from public sources, or receive from clients and users of our services, all of which may include information that falls in the categories listed in the preceding paragraph. Examples of public sources include census information, real property records, court records, assessor information, tax rolls, telephone directories, and web directories and information. As for information we receive from clients, an example may be that a retail client has information about your visits, purchases, returns, deliveries, coupons, loyalty club participation, etc. When we work with such a client, we may use that information in combination with other data.

Whenever we use any third-party owned data we rely on that third party to tell us how their own privacy policies limit our use of personal data, consistent with our contracts with that third party. These third parties are responsible for determining the privacy and protection of their data, and any inquiries about the use of your data by that third party should be directed to them in those cases that Civis is not the controller of the data. We’ll let you know when your inquiries should be directed to a third party.

Automatically when you visit our site or use our services. This information can vary depending on your browser and device settings, but it could include the content you view on our site or services; the date and time of your access; how long you use our site or services; the type of web browser you are using (for example, Chrome, Safari, Firefox); the type of device you are using (for example, whether you’re on a mobile phone); your Internet Protocol address (which is a unique set of numbers to identify devices connected to a network); and other geolocation, Internet or other electronic network activity data. See the section below titled Cookies and Tracking for more information.

We may combine information from all of these sources and draw inferences from all of the categories of information we collect.

Civis does not respond to “do not track” and similar signals from browsers.

How We Use Information

Data science involves the use of complex math analysis across large data sets to unearth correlations and insights in the data. The truth of the mathematical correlations in the data may not reflect actual causation in particular cases, but these insights empower users of our site or services to focus messages on desired audiences. Civis does not subject data subjects to decisions that have legal effects on persons due solely to automated processing of personal data. While we may help our clients identify desired audiences, the messages they convey to these audiences are their responsibility; our clients don’t speak for us and we don’t speak for our clients.

Civis uses personal data mainly for our clients’ purposes. When we use personal data for our purposes, we do so to improve our data science practices and our business. In these circumstances, we may collect personal data with your consent or for purposes that are necessary for Civis’ legitimate interest in the analysis of complex data sets to hone our algorithms and increase their ability to derive actionable insights for our clients.

We may also use personal data to monitor and protect our business, perform security screenings, to investigate, prevent, or take action relating to illegal activities, violations of our policies, and for other business purposes discussed in this Policy.

We may use personal data in the following additional ways:

  • Customer Service. We use your information for customer service purposes and to provide services to you. For example, if you contact us for technical support or other purposes, we will use your information to better help us help you.
  • Communication. We use your information to communicate with you, including to respond to requests for support and updates relevant to you. We may communicate with you in a variety of ways, depending upon the contact details you provide.
  • Marketing. We use your information for marketing purposes, including to provide you with special offers, promotions, news, and newsletters; to contact you about products and services we think may interest you; and for other marketing, advertising, and promotional purposes. For US residents, we undertake marketing only in compliance with the CAN-SPAM Act, the Telephone Consumer Protection Act, and other applicable law. For EU residents, we undertake marketing only with your affirmative consent and in compliance with applicable data privacy laws.
  • Administration. We use your information for administrative purposes, including to help us better understand how our clients access and use our site and services; to provide reports to prospective partners, service providers, regulators, and others; to implement and maintain security, anti-piracy, fraud prevention, and other services designed to protect you and us; to enforce this Privacy Policy, our Terms and Conditions, and other policies.
  • Research and development. We use your information for research and development purposes, including to improve our site, services, and customer experience; to maintain the accuracy of our data, understand our customer demographics; and for other research and analytical purposes.
  • Legal and security compliance. We use your information to comply with applicable legal or regulatory obligations, including to respond to a subpoena or court order; to cooperate with law enforcement or other governmental investigations; and as part of legal proceedings.
  • Protection of us and others. We use your information where we believe it is necessary to protect you, us, or others.

How We Share Personal Data

We will share personal data only in the manner described in this Privacy Policy. Our products and services provide individual-level data insights to our clients, and so our science directly involves sharing insights gained from personal data with our clients.

We may share personal data with third party companies to provide technologies, services, or content to our clients or particular individuals. Civis may also remove personally identifying data to create anonymous data.

We may also share personal data in responding to requests from law enforcement officials, government bodies or judicial authorities, in addressing matters of personal or public safety, national security, litigation, investigations (including data security incident investigations), and other legal matters where the data is pertinent. In the event of a sale, transfer or reorganization of Civis, or of some of our assets or lines of business, or in the context of related business negotiations, Civis may also share personal data with the relevant parties. Civis also uses personal data for its historical, statistical, and business planning purposes.

Data Security

We protect personal data when it is stored or processed by Civis, and we ask third parties acting on our behalf to protect personal data in accordance with this Privacy Policy and to implement comparable data protection and security policies.

We store personal data for different periods of time consistent with the purposes for which it was originally collected, as subsequently further authorized, or when required or allowed under applicable law.

Choice and Control

Here are some others ways you can control the use of your data:

  • Opt Out of Promotional Email Communications. You may opt out of promotional emails by clicking on the unsubscribe link in the email. If you have difficulty or questions about how to do that, email us at support@civisanalytics.com, and we will assist you. Please also note that we are unable to remove you from third party e-mail lists. So, if you previously added your contact information to the mailing list of one of our clients or partners and later withdraw your permission, you will have to contact that third party (or use an opt-out link provided in an email communication from that client or partner) to request removal from that mailing list as well.
  • Opt Out of Interest-Based Advertising. We may use third-party service providers such as Google’s AdSense and AdWords to help us provide advertisements to you that are tailored to you based on interests that you have expressed on our site or elsewhere (“Interest-Based Ads”). Any advertisements served by these third-party service providers and their affiliated companies may be controlled using cookies. These cookies allow these providers to display ads based on your visits to this site. Any tracking done by these providers through cookies and other mechanisms is subject to their own privacy policies. Some browser settings allow you to limit or remove the Interest-Based Ads delivered to you.

Please note that even if you opt out of receiving marketing communications from us, we may still send you communications about your account or any products or services you have purchased from us, and we will still respond to your inquiries and requests for information. EU residents will not be added to the marketing lists unless they have already provided express affirmative consent consistent with applicable data protection laws.

We and our service providers use cookies and other mechanisms to track information about your use of our site and services. We or our service providers may combine this information with other information we collect about you.

  • Cookies. We or our service providers may use cookies to track visitor activity on our site and services. A cookie is a text file that a website transfers to your device for record-keeping purposes. We or our service providers may use cookies to track user activities on our site and services, such as the web pages you view and time you spend on those pages. The help section on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our site and users of our services who disable cookies may not be able to browse certain areas of the site or services.
  • Clear GIFs, Pixel Tags and Other Tracking Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in functionality to cookies, which are embedded invisibly on web pages. We or our service providers may use clear GIFs (also known as web beacons, web bugs, pixel tags, or action tags, among other names), in connection with our site to perform functions like tracking the activities of visitors to our site, helping us manage content, and compiling statistics about usage of our site or services. We or our service providers may also use clear GIFs in emails to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
  • Embedded Scripts. We use embedded scripts, which is code designed to collect information about how visitors interact with a website, such as the website which linked them to our site.
  • Third-Party Analytics. We use service providers, like Google Analytics, to evaluate the use of our site and our services. We or our service providers use automated devices and applications to evaluate use of our site and services. We or our service providers use these tools to help us improve our site, services, performance, and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or Flash locally shared objects, to perform their services. For example, our use of information we receive from Google Application Programming Interface (API) adheres to the Chrome Web Store User Data Policy (https://developer.chrome.com/docs/webstore/program_policies/) which includes the Limited Use requirements applicable to our use of the user data.

Our Privacy Commitments to Employment Applicants

Civis collects information, including personal contact information, education and work history, as well as social security numbers in order to process and consider your application. Personal data from applications will not be sold to unaffiliated third-parties for marketing purposes. With your consent, the information on your application may be shared with background check services, our affiliates, and used for certain regulatory, compliance, security, and legal purposes. We may de-identify and anonymize your information and use such anonymous data for internal purposes, such as to review our hiring practices and talent acquisition efforts.

Data Integrity and Accuracy

Civis strives to work with current and accurate personal data; that’s good for you, our clients, and really everybody. We have controls in place to ensure that the information we have is relevant, accurate, and appropriate for the purposes used. If you believe that any data about you is inaccurate, please let us know what you think is wrong with the data. In such instances, if such data is not owned by us, we will let you know that your inquiry should be directed to a third party.

Minors

We do not collect personal data from any person we know to be under the age of 13, and we will delete any personal data collected that we later know to be from a person under the age of 13. Our site and services are for general audiences and is not targeted to children under 13 years of age. If you believe a child under the age of 13 has disclosed personal data to us, please contact us at dataprotection@civisanalytics.com and specify the customer and information you believe to be from the child under 13.

Changes to this Privacy Policy

Any changes in our Privacy Policy will be prominently posted on the Civis website so that you are aware of any changes in the data we collect and how we use it. Be sure to check the effective date of the Privacy Policy.

California Privacy Rights Notice

This California Privacy Rights Notice is applicable to California residents only, and is intended to supplement, not replace, the Civis Privacy Policy (https://www.civisanalytics.com/privacy_policy/). This California Privacy Rights Notice is not intended to apply to personal data we collect about our employees, applicants for employment, or contractors in the employment context. “The Information We Collect About Individuals” section above identifies the categories of personal data we collect as well as examples of personal data in such categories. The “How We Use Information” section and the “How We Share Personal Data” sections describe our uses of personal data and the third parties with whom we share personal data. In the last 12 months, we have disclosed all of the categories of data we described in the “The Information We Collect About Individuals” section for business purposes.

Beginning January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) provides California residents with certain rights with respect to their personal information, such as:

  • The right to request information about our collection, use, and disclosure of your personal data (a “Request to Know”), including:
    • the categories of personal data we have collected about you;
    • the categories of sources from which we have collected your personal data;
    • the business or commercial purpose for collecting or selling your personal data;
    • the categories of personal data we have sold about you; and
    • the categories of third parties with whom we have shared, disclosed for a business purpose, or sold your personal data, and which categories of personal data we have sold to which categories of third parties
  • The right to opt-out of the sale of your personal data (a “Request to Opt-Out”).
  • The right to request that we delete your personal data (a “Request to Delete”).

We will not discriminate against individuals for exercising their rights under CCPA.

If you are a California resident and would like to exercise one of your rights, please contact us at dataprotection@civisanalytics.com, include one of the following in your request, “Request to Know,” “Request to Opt-Out,” or “Request to Delete” in the subject line, and all of the following information in the body of the email: (i) first name, (ii) last name, (iii) email address, and (iv) address, city, state (must be California) and zip code. California law requires us to verify the requests we receive from you when you exercise certain rights listed above, which may include sending you a letter containing your personal data and verification token to the California address you provided. We (or third parties we engage to assist us) may ask you to provide certain information to us in order for us to verify the request. For Requests to Delete, we will confirm your request prior to deletion, however, please be aware that some of the information may not be deleted because it is exempt from control of CCPA.

Californians who wish to request further information about our compliance with California law or who have questions, more generally, about our Privacy Policy and our privacy commitments to our customers and Site should not hesitate to contact us at dataprotection@civisanalytics.com or at Civis Analytics, Inc., 200 W. Monroe St., 22nd Floor, Chicago, IL 60606.

Data Access, The Right to be Forgotten, and Dispute Resolution

Individuals in Europe have certain data subject rights which may be subject to limitations and/or restrictions. Provided you verify your identity as requested by us and we are the data controller, these rights may include the right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to processing of their personal data; and (iii) data portability. If you wish to exercise one of the above mentioned rights, please send us your request via email to: dataprotection@civisanalytics.com. We will comply with your request within 30 days of the day on which you verify your identity. If we are the data processor, we will let you know that we are only the data processor and we will notify the appropriate third party data controller, which in many cases will be our customer or vendor. Individuals in Europe may also have the right to lodge a complaint about the processing of their personal data with their local data protection authority.

For individuals outside of Europe, if you believe that Civis may be processing data about you and wish to opt-out of such processing, please send us a written request at dataprotection@civisanalytics.com. To the extent that we are data controllers of such data, we will fulfill your request within 60 days of your verification of your identity or at least provide an explanation of why we cannot do so in the particular context, such as when only our client or vendor are the data controllers and control the right to provide such access, or if responding to the request would be unreasonably expensive. Please also let us know if you have any questions, concerns, disputes, or issues. We are always open to dialogue to resolve issues. If your concerns cannot be resolved, we can enter into appropriate third-party neutral dispute resolution. If you need to reach us about a privacy or data protection issue, please contact us at dataprotection@civisanalytics.com.

The effective date of this policy reflects our most recent material changes to this policy. From time to time, we may make minor changes to the Privacy Policy, but we will change the effective date and provide notice on our website when major changes are made to our policy.

Last Updated: October 22, 2021