UPDATED: APRIL 03, 2023
If you have any questions or concerns about how we process your information or about this Policy, you can email us any time at firstname.lastname@example.org.
2. What’s Changing With This Update
It’s important to us that you’re able to clearly understand how we process your information and what rights you have under privacy and data protection laws. We have updated our Privacy Statement to:
- Describe to you more specifically what we are doing.
- Add new ways of processing personal data to Customers an even better service.
- Include new disclosures and choices under these new laws.
3. Who is Publitas.com?
The Policy applies to Publitas.com B.V., J.H. Oortweg 21, 2333 CH Leiden, The Netherlands, (Publitas,” or “we“, “us“, “our“). We operate around the world and we partner with many others. To get to know us better, please check out About Us.
We do not own or operate third websites, content or businesses from Customers. We do not control, recommend or endorse the content, products, services, privacy policies or practices of these third party websites. It is therefore important that you get familiar with the privacy policies of these third parties on their website.
4. What do we do?
Our mission is to make it possible for our Customers to create interactive and shoppable content that can be promoted across different distribution networks. We collect data to understand performance of the content and help you optimize your engagement and conversion results.
5. How to contact us?
We regularly review our compliance with this Policy. We also regularly review the Policy with regulations and interpretations thereof. We welcome any questions, concerns, or feedback you may have about (the updates to) this Policy. Questions, comments and requests regarding this Policy are welcomed and should be addressed in the first instance to your contact person at Publitas or to email@example.com.
6. What does this policy apply to?
This Policy concerns the processing of personal data by our public websites, services as well as the processing of personal data when communicating with us. It also describes the processing of information provided or collected on other websites and applications where this Policy is posted or integrated in other policies or where Publitas is mentioned as a third party. This can relate to our digital properties or on applications that we make available on third-party websites or platforms like Shopify. We follow this Policy in accordance with the applicable laws and regulations in the places where we operate. In some cases, we may provide additional data privacy notices specific to certain products, practices, or regions. Those terms are to be read in conjunction with this Policy.
Below we provide an overview of the collection and use of personal data by Publitas and the purposes for which this data is being used. We always seek to find a balance between your fundamental right to privacy and the legitimate interests of Publitas, in compliance with all applicable regulations.
7. Who are you?
Much of this Policy is divided into sections based on the way you may interact with us. You are either a Site Visitor, a Content Reader, a Prospect, a Customer or a Candidate. Please determine what user type you are based on the definitions down below. For each user type we explain what information we collect, which technologies we use, how we share such information and your rights.
- Website Visitor: You are a Website Visitor when you visit and interact with our websites, web pages, interactive features, blogs and their respective contents at publitas.com (hereinafter referred to all as “our websites“).
- Content Reader: You are a Content Reader when you visit a page of a website or application of one of our Customers to view their content that is created with our software. You know you are engaging with Publitas if you see text referencing Publitas (e.g., “Recommended by Publitas”, “by Publitas”, the Publitas Logo). A Customer may have white-labeled Publitas´ services for their own offering. In such an event, Customers must disclose their use of Publitas in their privacy policies. We make our Customers aware and encourage and encourage them to do so.
- Prospect: You are a Prospect when you show interest in Publitas services. You are also a Prospect when we strongly believe that the company you work for would highly benefit from Publitas´ services.
- Customer: You are a Customer when you email with Publitas about services on behalf of the company you work for. You are also a Customer when you register on behalf of the company you work for to use the Publitas services. This means that you create, activate or use your Customer account or interact with our websites, web pages, interactive features, blogs and their respective contents with app.publitas.com (“Publitas CMS”) and support.publitas.com (“Publitas support”).
- Candidate: You are a Candidate if you applied for a job at Publitas, send in an open application or when our recruiters contact you via platforms dedicated to recruiting because they think you would be a good fit for a certain role within Publitas.com.
8. What we do
8.1 General information applicable to all
Generally speaking, Publitas processes information we receive directly from you, automatically collected when you use Publitas or visit our websites, and collected by Publitas from third parties. However, please note that this Policy does only partly apply to and cover the processing of your information by third parties through your use of any third-party integrations available via our services. Please visit those third-party websites directly for more information on their privacy and data protection practices.
We use your information to operate our websites, services, communicate with you, process transactions, for security and fraud prevention, and to comply with the law. Specifically, we may process your information to:
- Provide services to you and operate our business
- Maintain, provide, and improve our services
- Help us better understand user interests and needs, and customize Publitas for you
- Analyze and research how you interact with our websites and applications
- Protect Publitas and you, for example:
- Securing our systems and products against fraud or unauthorized activity
- Identifying, troubleshooting, and fixing bugs and errors
- Complying with global laws and regulations
- Investigate in good faith alleged violations of our Terms of Service
- Comply in good faith with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines or that we otherwise determine is necessary to respond to
- If you use Publitas as part of an organization, company, or academic institution, Publitas will process your information as required by our contract with your organization or academic institution. Those contractual terms may differ from, and, in the event of a conflict, take precedence over, the uses described in this Privacy Statement.
In addition, we use information about your use of Publitas, account information (such as your email address and name), and information related to third-party integrations to:
- Facilitate reporting and analyze performance of the Publitas platform or features available in Publitas
- Provide webinars or public presentations
- Demonstrate Publitas
- Process your information at your direction
- Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of our services. If you wish to opt out of Google’s ability to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on
- Provide you with support and get your feedback
Unless otherwise prohibited by law, we may combine the information that we collect through your use of our services with information that we receive from other sources, both online and offline, and use that combined information as set out above
8.2 When you are a Website Visitor
We want to understand what services on our websites interest you and we want to remind you about the services we offer when you are not on our websites. In order to do this, we collect the following information from your device:
- IP address;
- User Agent data: device type (e.g., iPhone), browser type (e.g., Chrome), operating system (e.g., iOS);
- The pages visited on our websites;
- The time of visit (and corresponding time zone);
- Referring URLs and other information normally transmitted in HTTP requests e.g. information telling us how you arrived on our websites, browser type and settings, referring/exit pages and URLs, number of clicks, language preferences, screen solution and similar information;
- Information collected as a result of participation in beta testing, such as error reports or feedback provided by you;
- Possibly information about how you interact with our websites such as where you click, how long you visit a page, your scrolling, mouse hovers, submissions, video views, errors and other data to help us better understand your experience and provide you with the best user experience;
- Device information and activity when you use Publitas via a mobile device, such as the type of device you are using, device IDs, operating system version, preferred language and mobile network information to ensure that we are serving you the correct version of our application; and
- Derived device geolocation information, such as approximate geographic location inferred from an IP address.
- Site statistics unless you have switched off this possibility though Google Analytics or similar tools.
In addition, we may also collect your name and email address or other requested contact data if you agree to send your details to us. This would be the case when you sign up to receive news, offer updates or similar from Publitas via e-mail, and engage with our chat widget. It would also be the case when you register for any trial signup forms, if available. The information will then be used to follow-up on your request and/or provide you access to your Customer account. For this same purpose, we may keep records of our communication with you and track interactions with our email and chat messages. We do this by collecting UTM parameters.
8.3 When you are a Content Reader
In addition to information we may collect from you as a Website Visitor, we may collect data in order to improve the Publitas services to support Customers to improve their own services. We do this by using cookies, UTM parameters and we may use UUID as well.
When you, as a Content Reader, first visit a Customer Website (e.g., metro.com), Publitas drops a cookie on your device in order to generate a temporary UUID. Every new visit is a new UUID.
As an example, Publitas may know that this UUID (which could be you on your Macbook Air on Metro using Chrome as your browser) likes to check seasonal food recipes. We might know that you also like to look for weekly deals,, but only if this happens within the same visit and catalog. We don’t have any UUIDs spanning different visits, devices, catalogs or any permanent data that would allow us to connect repeated behavior to a single UUID. That’s it. When you interact with Publitas we more so do not collect the mainstream personal data from you, like your email address or name, therefore we cannot associate your name with that UUID. The UUID is only accessible in-memory from the application that displays the catalog. It is not accessible to partner websites, Customer Websites or anything similar.
Customers may provide information with us when we act in the name of the Customer. As Publitas does not have a direct relationship with Content Readers interacting with Customer Websites, we rely on our Customers to determine the lawful basis upon which we can process personal data Customers provide us with.
8.4 When you are a Prospect
Our sales and marketing team may come across your details or your company’s details online in our search for companies we think we can add value to with our services. In doing so, we may store your name, business contact information (such as work email address), information about your position and information about your company in our systems. We will also keep records of our communication with you and track interactions with our email messages (such as opening). We do this so we can contact you about our services through email and/or phone and effectively follow-up on our communication with you. We only do so based on sales best practices, which means that we do take into consideration the privacy regulations that apply to you based on your residents and citizenship.
8.5 When you are a Customer
Our Customers are subject to our General Terms of Service to use Publitas services. As a Customer you have submitted yourself to our Data Processing Agreement, whereas Publitas is the processor/service provider (a provider that processes personal data on behalf of or at the direction of a controller, or other similar designation under the law) and our customer (usually a company or organization) is the controller/business (the entity that decides how and why information is processed) of the information provided to Publitas via their use of Publitas. In all other cases, Publitas is the controller of the information.
For Customers, employees of Customers or prospective Customers, meaning entities with whom we have signed a service contract with, we collect and use the categories of information listed below because we either have a direct contract with you or because you work for a company we have a contract with. This includes information that is needed for us to create Customer account for you and manage your ability to log in and out of your Customer account:
- Information regarding your browsing, such as anonymized – if needed – pseudonymized IP address, session cookies, browser type, internet service provider, operating system, locale, and language preferences, identification numbers associated with your devices, system configuration information
- Identifiers, such as first and last name and email address, phone number, you country, user role and industry, company Name, company address, customer Portal Privileges, Name
- Information regarding your subscription plan like, the type subscription plan, the start/end date of your subscription, traffic volume and pricing
- Your password for Publitas (hashed) – unique, long, and strong, please
- Information related to a third-party authentication identity provider such as Google Authenticator
- Trackers like Google Analytics when we provide our in-app dashboard to you, unless you have enabled “do not track”
- If you upgrade your free subscription to a paid subscription, we may collect:
- Billing information, such as name, address, and telephone number
- Financial information, such as credit card information collected by our payment processors on our behalf like VAT ID, billing frequency, currency, billing email, unique customer identifier, order ID, payment card details, date/time/amount of transaction
- Information about your chosen subscription plan
Additional information you provide to us through your use of your Customer account may be
- Name and basic contact information in order to contact you about your contract and/or your Customer account and to respond to incoming requests more effectively.
- Information you provide in Contents
- Information uploaded to Contents, such as pdf´s
- Other information you choose to include in Contents
- Professional or employment information, such as your title or role at your company
- Any written communication with us such as chat conversations and emails
- Any other information you choose to provide while using our Customer account that identifies or can be reasonably associated with you
- We may also use your contact information to send you a customer satisfaction survey after you’ve been in contact with us.
- Records of our communication with you and track interactions with our email messages (such as opening). We do this so we can contact you about our services and effectively follow-up on our communication with you.
- We may obtain information from social networking sites (eg. LinkedIn), in order to make our communication to you more relevant.
You may provide certain personal data (such as email address) when you sign up for Publitas Products or Services or otherwise communicate or interact with us. If you apply to become a Customer, we may request additional information. We automatically collect information about your username’s actions in the Customer account and Customer dashboard.
We may collect and process the personal data above in order to perform our obligations under our agreement as a Customer (or prospective Customer) with you including to:
- respond to your questions and requests;
- to provide you with access to certain functions and features of Publitas Products and Service, like your dashboard in your Customer account);
- verify your identity; and communicate with you about your Customer account or your use of the system, which includes service messages, occasional customer satisfaction surveys. our products, and available promotions relevant to your use of the Publitas services.
When using your Customer account, we collect information about how you use your Customer account. This includes cookies, date and time of access, navigation events and mouse clicks. We may use this information in order to make sure you only receive relevant service messages (eg. about features you actually use) and to analyze usage of the service and identify improvements.
When you are closing your Customer account, we store information for as long as needed for administrative and legal purposes.
8.6 when you are a Candidate
When you apply for a job we store your name, contact information (such as email address) and career history and interests in our systems. We will also keep records of our communication with you. We do this so we can contact you about relevant positions at our company and effectively follow-up on our communication with you.
Because over 50% of the company works location-independent, our interview process typically involves video calls which we may record in order to share them with team members or other people relevant to the position you’re applying for. We will always inform you about the possibility of recording in your invitation and again before or at the beginning of the call.
Any additional information you provide during the interview process will only be used for the purpose of serving the interview process and will never be shared outside of Publitas.
Because we’re always on the lookout for talent, we may come across your details on a social networking site or other website and tools and access all information from there. We might store such information in case we have a job opportunity you would be fit for. We will also keep records of our communication with you with regards to hiring. We do this so we can contact you about relevant positions at our company and effectively follow-up on our communication with you. If we do, we will ask your consent for the processing of your personal data for recruitment and analytics purposes only.
When you apply for a position, we ask consent for storing your personal data related to your application for two years. This makes it possible for us to keep you in mind as a Candidate for future positions. If you do not want this, you can refuse the storage of your data for two years. You can at any time request deletion of your information or subtract your consent at any given moment by contacting using the designated link in our e-mail footer or via firstname.lastname@example.org or directly emailing the recruiter you have been in touch with. Mind that we will still store your data for as long as needed for administration and legal reasons.
9. How can we share information?
We need to disclose the information we collect about you to make our services run smoothly and to operate our business under the following conditions. We use and disclose the categories of information we collect from and about you consistent with the various business purposes we discuss throughout this Privacy Statement. We do not disclose your information to third parties for their own direct marketing purposes.
- Service providers and subprocessors: We may provide access or disclose your information to select third parties that use the information on our behalf to assist in providing our services and our websites. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services. You can find a list of our sub-processors here.
- Advertising and marketing: We may provide information collected to service providers, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, in order to provide you with more relevant Publitas ads when you visit other websites.
- Because you ask us to disclose: We may disclose your information to third parties when you ask us to do so. This includes when you connect Publitas with other tools via our available integrations.
- Consistent with your settings within our services: Please note that the information you submit through and post to your Customer account may be viewable by other users in your workspace, team, division, or organization, depending on the specific settings you have selected and if an organization has been created for your domain.
- Affiliates and subsidiaries: We may disclose the information we collect within the Publitas family of companies to provide Publitas´ services to you.
- Business transfers: If the ownership of all or substantially all of our business changes, or all or some of our assets are sold as part of a bankruptcy or other proceeding, we may transfer your information to the new owner so that the services can continue to operate. In such a case, your information would remain subject to the promises and commitments contained in this Privacy Statement until the acquiring party updates it. If such transfer is subject to additional mandatory restrictions under applicable laws or agreements, Publitas will comply with those restrictions.
- Compliance with legal obligations: To comply in good faith with a valid legal subpoena, request, or other lawful process that meets our ISO 27001 certification requirements. We will notify individuals or customers of that request unless: we are prohibited from doing so by law or court order; or there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors.
10. How long do we store your data?
11. The legal basis for processing personal data
We process personal information under the following legal bases:
To fulfill a contract or take steps linked to a contract, including:
- Create a core infrastructure to provide our services including insights in its performance
- Analytics in order to improve the service including collecting feedback;
- Verifying your identity and other security purposed or auditing
- Taking payments and other necessary steps for accounting
- communicating with you
To conduct Publitas’ business and pursue our legitimate interests in marketing our business, ensuring that we conduct our business in line with our objectives, improving and developing our services, and keeping our records accurate and up to date. This includes:
- using your information to provide services you have requested and responding to any comments or complaints you may send us;
- personalizing your experience on the our websites and in the service in which you choose to enroll to help us to better respond to your individual needs;
- targeting advertising to individuals with similar interests or characteristics through services offered by third parties;
- developing new products or services or conducting analyses to enhance current services;
- reviewing the usage and operations of the our websites and analyzing and improving our websites (we continually strive to improve our websites based on the information and feedback we receive from you);
- contacting you for legitimate business purposes like notifying you about important changes, news and update;
- using personal information to invite individuals to take part in market research where consent is not required by applicable law, for direct marketing purposes;
- protecting the security and functionality of our websites, including using personal information you provide to investigate any complaints received from you or from others about our websites or our services.
We ask for consent when this is required by applicable law using the data for the purpose which we explain at that time.
12. Security Measures, Transfers Outside the EEA, Sharing and Data Retention
Publitas has a dedicated security team. We maintain tight controls over the personal data we collect, retaining it in firewalled and secured databases with strictly limited and controlled access rights, to ensure it is secure. Please see our security standards for more information.
Customers have access to certain password-protected features to their Customer account. Customers are responsible for keeping this password confidential and for ensuring the same for their employees and/or their agents. Please remember that, unfortunately, the transmission of information via the internet is never completely secure. A common Internet scam is known as “spoofing” or “phishing.” This occurs when you receive an email from what appears to be a legitimate source requesting personal data from you. Please be aware that we will not send you any emails requesting you to verify credit card, bank information, or any other personal data. If you ever receive an email that appears to be from us requesting such information from you, do not respond to it, and do not click on any links appearing in the email. Instead, please forward the email to us at email@example.com, as we will investigate instances of possible Internet fraud.
12.2 Aggregation, De-identification and Anonymization
We may aggregate and/or de-identify information related to your use of our websites or content (such as how many tasks or projects you created) so that such information can no longer be linked to you or your device. We may use such aggregated and de-identified data for any purpose, including but not limited to, research and marketing purposes and may also disclose such data to any third parties, including Customers.
We base our anonymisation process on WP 216 of the Art. 29 Group and the state of the art, with the aim that a re-identification of personal data is not feasible because the personal reference can only be restored with a disproportionate effort in terms of time, costs and manpower. Due to the nature of anonymisation as well as aggregation of the data (with the understanding that personal data is changed in such a way that the individual information about personal or factual circumstances can no longer be attributed to a specific or identifiable natural person or can only be attributed to a specific or identifiable natural person with a disproportionate effort in terms of time, costs and labor), it is no longer possible to draw conclusions about the corresponding origin of the data.
12.3 Data Transfers Outside the EU/EEA
When we transfer personal data from the European Economic Area (EEA) we will ensure such transfers are in compliance with relevant data protection laws, including, if applicable, a European Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC or Article 45 of the GDPR. In other words, our measures are designed to ensure that the recipients of your personal data protect it.
Both the GDPR and CCPA’s requirements are comprehensive, but the law and regulatory guidance continues to evolve when it comes to privacy and data protection – and not just in the EU or the United States. As data protection authorities and regulators interpret and issue guidance on the GDPR, CCPA, and other currently existing data protection laws around the world and as countries pass new data protection laws, we will continue to follow these developments closely and evaluate our program for any changes or enhancements as needed.
13. Children and Sensitive Data
None of our websites are intentionally directed at children under 16. Our Customers may (specifically) target children under 16. We do not knowingly collect personal data from anyone under 16 years of age, however we may do so in the name of our Customer as their processor. Please contact our Customer for more information, as this Privacy Statement does not apply to and cover the processing of your information by third parties through your use of any third-party integrations available via our content.
13.2 Sensitive data
We do not knowingly collect sensitive data, however we may do so in the name of our Customer as their processor. Please contact our Customer for more information, as this Privacy Statement does not apply to and cover the processing of your information by third parties through your use of any third-party integrations available via our content.
14. Your Rights
If as a Customer you wish to verify, correct, update or request the deactivation of your information, you may go to the Customer account in order to edit your profile preferences or contact us at firstname.lastname@example.org.
If you are interacting with someone from Publitas one on one like via email, social media platform (i.e. LinkedIn) or on the phone, you can opt out simply by telling us in that conversation. You can also send a request to email@example.com and request removal of all of your personal data.
- the right to request information about whether and which personal data is processed by us, and the right to demand that personal data is rectified or amended.
- the right to request that personal data should be deleted.
- the right to demand that the processing of personal data should be restricted.
- withdraw your consent to the processing and use of your data completely or partially at any time with future application.
- have the right to obtain your personal data in a common, structured and mechanically readable format.
- contact the privacy team if there are any questions, comments, complaints or requests in connection with our statement on data protection and the processing of your personal data.
- the right to complain to the responsible supervisory authority if believed that the processing of your personal data is in violation of the legislation.
Please email firstname.lastname@example.org with any questions about exercising any of the above rights.
As a California resident, you have the rights listed below. “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“ CCPA”) but does not include information exempted from the scope of the CCPA. These rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient.
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.
- Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Opt-out of sales. If we sell your Personal Information, you can opt-out. In addition, if you direct us not to sell your Personal Information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes.
- Opt-in. We contractually prohibit our publishing and advertising clients from placing our technology on pages that target individuals younger than 16 years old. If we learn that you are younger than 16 years old, we will ask for your permission (or if you are younger than 13 years old, your parent or guardian’s permission) to sell your Personal Information before we do so.
- Non discrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
You may exercise your California privacy rights by emailing email@example.com