If you have any questions regarding this policy, feel free to contact us at [email protected]
Depending on your use of the Site Search 360 website, or direct interactions with us, we collect two types of information:personal data and non-personal data.
Personal data, as defined in GDPR, or 'Personally identifiable Information' (PII), as used in US privacy law and information security, is any information, either alone or combined with other data, that may be used to identify, contact, or locate you as an individual. Examples include your name, physical address, company name etc.
Non-personal data is information that cannot be used or combined with other information to identify or contact you. E.g. browser settings, search queries, and statistical data involving the use of Site Search 360 website.
Different types of information are collected depending on your actions:
- When you use Site Search 360 on your Site
- When you log in to access your Site Search 360 control panel
- When you simply browse our website
Let's review each case in detail.
I'm using Site Search 360 as a search engine on my site. What data is collected from my users?
As a data controller who processes your visitors data on your behalf, we have introduced and pre-signed a Data Processing Addendum (DPA) which complements our Policies. The DPA became effective for all users on May 25, 2018 in accordance with GDPR requirements.
Our DPA has 3 annexes:
- Technical and organizational measures taken by our server hosting provider (Hetzner GmbH)
- Quality compliance certificate of Hetzner GmbH issued by the globally recognized certification body TÜV Rheinland
- Technical and organizational measures taken by us as a Contractor of Hetzner GmbH
You can also find them all these documents by signing into your Control Panel and going under Help -> Documents section.
- User's search query
Why? Search queries provide the core of your search analytics. When you know what your users look for, you can adjust your search settings and your site content to help them find what they need. This information is aggregated in your Control Panel and Google Analytics (when you choose to integrate it) and is not personally identifiable.
It is stored until you delete your account with Site Search 360.
- User's IP address
Why? To ignore logging from certain users (eg. your own team) and to prevent spam and abuse techniques (eg. blacklisting an IP address used for a malicious attack).
It is stored for 14 days for blocked IPs.
- __cfduid cookie
Why? It is a strictly necessary cookie for Cloudflare's (our CDN) security features and cannot be turned off. It does not store any personally identifiable information. It is exempt from GDPR Cookie Consent as it is required for the "user-centric security". You can host the script yourself to avoid that cookie (absolutely not recommended).
It is stored for 1 year.
- ss360LastQuery cookie
Why? To store the last-entered query so that when the user navigates back to the search result page, the correct results are shown. This cookie is also exempt from GDPR Cookie Consent as it falls under User Input category.
It is stored for 24 hours.
All communication between your website user and our server is encrypted and secured via SSL (Secure Sockets Layer).
As you can see, the SS360 script keeps your users data safe and no personal information about your users is stored on our servers.
What data is collected when I'm using the Control Panel?
When you register on our site, subscribe to a newsletter or save information in your Profile, we only collect personal information that you provide us voluntarily.
By signing up for a trial period, you automatically create a user account for Site Search 360, and you are asked to provide some personal information, such as your:
- Email address
- Domain name (website where you want to use Site Search 360)
We use this information for the following purposes:
- To set up your account and let you access it. Domain name (= your siteID) and password create a unique combination that you'll use to log into your Control Panel.
- To better understand our clients. For example, knowing your country and domain name specifics (.gov, .edu etc.) helps us better prioritize our development tasks to keep efficiently improving our service.
- To send out service and transactional emails including invoices, payment confirmations, service outage notifications, password reset forms.
- We might also use your email address to share with you our new features and important updates (about once a month). If you don't want to receive any news emails from Site Search 360, you are free to unsubscribe at any time (by using the link in the email footer).
Once you're logged into the Control Panel, you can manage, update, or delete your personal information under your Profile settings. If you choose to delete your account, all associated information will be erased.
All transactions are processed by our payment provider Stripe. All sensitive information, such as credit card number, expiration date and CVC/CVV are securely provided directly to Stripe and are never saved or stored on our servers.
What data is collected when I'm visiting Site Search 360 website?
When browsing our site, reading our documentation or watching the video materials, you automatically send us your non personal data, such as your device's IP address, referring website, what pages you visited, when and through which browser.
We use this aggregated, non personally identifiable data for the following purposes:
- To collect website usage statistics so that we can improve our website performance and content
- To let you instantly connect with us through the website chat (powered by HubSpot)
- To remember the language you selected so that we display it automatically when you come back to our site
What are cookies and what are they for?
Cookies are small text files sent to your browser by a website you visit. These files contain information about your interaction with the site, like your preferred language and other settings. This makes your next visit easier, login faster and our site more useful to you. Cookies are important and make using the web a much smoother experience.
We use this information for the following purposes:
- To help us remember and process your actions in the control panel
- To assist you in registration, login, and your ability to contact us or provide feedback
- To help us analyze your use of our service and aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future
- To assist us with our promotional and marketing efforts
If you turn the cookie setting off, some features will be disabled. It will turn off some of the features that make your site experience more efficient and some of our services will not function properly. You will not be able to log into your control panel.
Protecting your information
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order, enters, submits, or accesses their information to maintain the safety of your personal data. All transactions are processed through a gateway provider (Stripe) and are not stored or processed on our servers.
Site Search 360 does not sell, rent, trade, or otherwise transfer any personal data with other people/parties without your consent. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the US consumer protection agency, enforces the COPPA Rule, which spells out what websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under 13.
The Fair Information Practices Principles form the backbone of privacy law in the United States. We understand these principles and implement them to protect your personal information. We have also updated the existing breach management and communication process to comply with GDPR.
Should a personal data breach occur and if it is likely to put our users' rights and freedoms at risk, we will take the following responsive action:
- We will notify the users by email and via in-site notification within 7 business days
- We will notify the designated supervisory authorities within 72 hours.
We also agree to the Individual Redress Principle allowing you to pursue legally enforceable rights against data controllers (us in this case), if they fail to adhere to the law. You also have the ability to engage with courts or government agencies to investigate and/or prosecute any non-compliance.
If you have any questions regarding this policy, feel free to contact us.
This page was last updated on 2019-10-25