Last Updated: February 28th, 2024
Constellation Software, Inc. (“Constellation”, “we” or “us”) is a software as a service (SAAS) marketing technology company. We offer a suite of marketing automation tools which enable content creators and marketers operating in highly regulated business sectors (e.g., health, automotive, insurance) to ensure that their creatives and programs are accurate and aligned with applicable law and brand requirements.
THE TYPES OF DATA PROCESSED BY CONSTELLATION
Constellation thinks about the data we process in terms of whether or not the data may be used by Constellation to identify a data subject. Accordingly, we place the data we process into two categories: identifiable personal data and pseudonymous personal data. We recognize that identifiable personal data and pseudonymous personal data are considered personal data under the applicable privacy or data protection laws in many places.
Identifiable personal data such as a name, a postal address, a telephone number or an email address is personally identifiable information (“PII”) that can be used to identify or locate a particular person or entity. Pseudonymous personal data such as a mobile ad ID, a cookie ID or an IP address is not personally identifiable (“Non-PII”) in that it cannot be used by Constellation to identify or locate a particular person or entity. We believe that distinguishing the data processed on the basis of whether it is identifiable is an important privacy distinction.
WEBSITE PRIVACY PRACTICES
Personally Identifiable Information (PII)
Constellation collects Personally Identifiable Information (“PII”) from its website, https://www.helloconstellation.com/, when you choose to provide it to us. For example, you may choose to send PII about yourself in an email, or by completing a form on this website. Constellation uses this information only to contact you to respond to your inquiry. Once collected, Constellation will store your PII for a reasonable time for record keeping purposes.
Non-Personally Identifiable Information
Constellation also collects Non-PII from visitors to this Website, including your IP host address, pages viewed, browser type, Internet browsing and usage habits, Internet Service Provider, domain name, the time/date of your visit to this website, the referring URL and your computer’s operating system. Non-PII also includes PII that has been hashed so that it may not be used to identify someone. As noted above, in some places, such as the State of California, certain Non-PII such as cookie IDs and IP addresses are considered personal data.
Cookies and other Tracking Technologies – Ad Choices
Third Party Websites
Our Website may contain links to and advertisements for websites operated by third parties whose privacy practices may differ from Constellation’s policies. While the company endeavors to associate only with reputable entities, Constellation cannot guarantee the privacy practices of other websites will reflect ours; we encourage you to check the privacy policies of all websites that you visit.
The Constellation software Platform enables our Clients to run their advertising campaigns in compliance with applicable law by ensuring that the right disclosures are included in each advertising creative that is created by the Platform. In order to provide our services (our “Services”) in connection with the Platform, we use APIs provided by advertising and social media platforms such as TikTok, Facebook, Instagram, and Google (collectively, our “Partners”). An “API” is an application programming interface — a software intermediary that allows our Platform to connect with and access our Partner’s advertising platforms. Each Partner processes data as described in their respective privacy policies. A list of our Partners and their privacy policies may be found below.
We use Partner APIs to provide data and advertising creatives related to our Client’s online advertising campaigns as part of our Services. This may include information about the performance of ads, keywords, and other related data. We use the data collected through Partner APIs to provide our Clients with insights into the performance of their online advertising campaigns.
Types of Data Processed by the Platform
We may upload via Partner APIs certain personal data provided by our Clients, including the names, postal addresses, email addresses and/or telephone numbers of our Clients’ current and prospective customers. We may also hash those emails provided by customers into pseudonymous user IDs to better facilitate online media buys via certain Partners. We consider all this information as “Client Personal Information”. We treat all Client Personal Information as the confidential information of each Client and we only process Client Personal Information as directed by each Client and for no other purpose. Per Client requests, we may use additional partners to render Client Personal Information as pseudonymous prior to upload onto Partner APIs. Some Clients also ask us to bolster their data with non-sensitive Non-PII provided by third-party data brokers.
When directed by Clients, we may ask Partners to use personal data provided by third-party data providers to target ads on their respective platforms.
PRIVACY PRACTICES FOR BOTH THE PLATFORM AND WEBSITE
Accessing / Updating / Deleting / Correcting Data
Upon request, Constellation will provide you with information about whether we hold any of your PII collected via the Website. If you’d like to update, correct, delete, port or deactivate any PII that you have provided to the company on this Website, please send your request to firstname.lastname@example.org, and Constellation will process your request.
We will respond to each request within a reasonable timeframe as governed under applicable law. Data subjects located in certain U.S. States (e.g., California) have additional privacy rights as described below.
If you have questions or concerns about personal information you’ve provided to Constellation as a Client, kindly direct your question to the person at Constellation that owns the relationship with your organization.
Children’s Privacy; Sensitive and Special Category Data.
Neither our Website nor our Platform are not intended for use by children under the age of 18 (“Children”). We do not knowingly collect PII from Children under 18. If you become aware that a Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from Children without verification of parental consent, we take steps to remove that information from our servers.
We don’t knowingly collect sensitive or special category data such as ethnicity, religion, sexual interest, health data as defined under applicable law other than in an employment context which is covered under a different policy.
Disclosure of Information to Third Parties, Onward Transfer
Constellation processes data in the United States. We do not rent, sell or share your PII with non-affiliated third parties without your permission. The company may, however, share data with trusted third-party service providers and contractors who provide certain services for us, The services provided by these third-party service providers and contractors include: a) cloud computer, data storage and file storage providers, b) email marketing providers, c) website and b2b sales analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems vendors, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) outsourced computer programmers helping ensure our systems are operating properly, h) auditing, debugging and security vendors. These agents work on our behalf and use data only as directed by us under written agreements which outline how they may use such data and require that such third-party agents provide at least the same level of privacy protection as we do.
The company may also share aggregate data collected on the Website or via its Platform without restriction. This information cannot be used to contact or identify any person individually.
Constellation may be required to disclose your information to third parties when obligated to do so by law and in order to investigate, prevent, or take action regarding suspected, or actual prohibited activities, including transfer reasonably intended to meet national security or law enforcement requirements, or when we believe in good faith that disclosure is necessary to protect our rights, including but not limited to fraud and situations involving potential threats to the physical safety of any person.
Finally, Constellation may transfer information, including any PII or Non-PII, to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change. If Constellation is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
U.S. Data Subjects
The California Consumer Privacy Act (“CCPA”) provides additional privacy protections for California consumers, including: (a) the right to see what data we have about you, your computer or device (i.e., the right to know), (b) the right to delete the data we have about you, your computer or device (i.e., the right to delete), (c) the right to edit or correct data we have about you, your computer or device (i.e., the right to correct) (d) the right to port that data over to a different provider, and (e) the right to opt-out of the sale to certain third parties (i.e., the right to opt-out from sales of your information). Other U.S. states (e.g., Colorado, Connecticut, Virginia, and Utah) have privacy laws with similar rules as California that grant you similar rights. Constellation uses the same process to honor CCPA and other U.S. state privacy law rights including but not limited to right of access and deletion. That process is described below.
We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law. In some places (e.g., Colorado and Virginia) you may have the right to appeal decisions you feel are incorrect to your state’s attorney general. We do not sell data via our Platforms and do not share data via our Platforms except as directed to by the applicable Client.
As required by the CCPA and certain other state privacy laws, you may make an access or deletion request via an authorized agent by having such agent follow the process below. Please note that we will request any authorized agent demonstrate that they have been authorized by you to make a request on your behalf, and we will attempt to verify your request. We require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response to the consumer.
Individuals who have provided information directly to one of Constellation’s Clients must send follow-up requests to access or delete such information to that particular Constellation Client.
If you have any questions, or to make an access, deletion or similar privacy request outlined above, please contact Constellation at email@example.com, via the postal addresses at the bottom of this Policy.
We will confirm your request within 10 business days and make a good faith attempt to fulfill your request within 45 days unless applicable law requires that we respond more quickly.
If you are a Client or partner of Constellation and have questions about your ability to see the data used to login to our systems, we ask that you direct your question to the person that owns the business relationship. If you are a consumer and want to see what data we may have on behalf of one of our customers, kindly reach out to that individual customer.
The number of CCPA requests to delete that Constellation received, compiled with whole or part and denied in 2023: 0, 0 and 0.
The number of CCPA requests to opt-out that Constellation received (not including requests made via Constellation’s cookie based opt-out mechanism) compiled with whole or part and denied in 2023: 0, 0 and 0.
The median number of days within which Constellation substantively responded to requests to know, requests to delete and requests to opt-out: 0, 0 and 0.
By email: firstname.lastname@example.org. If you have unresolved concerns, you may also have the right to complain to your local data protection authority.
Constellation Software, Inc
One World Trade Center
285 Fulton Street, Floor 21,
New York, NY 10007