Privacy Policy,
effective as of September 14, 2021

Your privacy is important to Widen, an Acquia company, which provides a web-based content hub called Widen Collective®, that simplifies how brand, marketing, and product content is organized, accessed, and delivered to market. It combines the power of digital asset management (DAM) and product information management (PIM) in one platform, enabling teams to find what they need, coordinate content related workflows, and publish up-to-date content across digital and print channels. 

This Privacy Policy covers our company information practices, including how we collect, use, share, and secure the personal data you may provide to us. In addition, we describe your choices regarding use, access, and correction of your personal data.

We developed this Privacy Policy to provide you with information on how we process your personal data when you interact with us in a number of ways, such as a visitor to any of our websites, potential customer, or active user of our Widen Collective® applications, consulting, customer success, design, implementation, or managed services (“Services”).

Information we collect and how we use it

Widen as a data controller

A data controller is the decision-maker controlling the purpose and means of processing of personal data.  Acting as a data controller, Widen determines how the data we collect is used. When you visit one of our websites, like www.widen.com or community.widen.com, or register for a Widen event, for example, Widen is acting as the data controller. We may collect personal and non-personal information for these purposes and only require information that is necessary for us to communicate with you regarding the requested activity or inquiry. Common information collected includes your name, company name, phone number, and business email address.

When visiting our websites, we automatically collect your:

• Internet Protocol (IP) address
• Device and application identification numbers
• Location
• Browser type
• Internet service provider and/or mobile carrier
• Pages and files you viewed
• Search history
• Operating system and system configuration information
• Date/time stamps associated with your usage

We gather this information to analyze trends in the aggregate and administer our websites. Due to Internet communications standards, when you visit or use our website, we automatically receive the URL of the website from which you came and the website to which you go when you leave our site. This information is used to analyze overall trends, to track and aggregate non-personal information, and to deliver and improve our websites and services.

When you voluntarily submit a request via our websites, we may collect a combination of your:

• Name
• Business email
• Job title
• Phone number
• Company name
• Company size by number of employees
• Country or location
• Contact preferences
• Testimonials

When you voluntarily provide the above information through our websites, such as to request a demo or sign up for our news alerts, we use it to determine the best way to address your request. For example, the number of employees allows us to customize our response based on that potential volume of users. When posting a customer testimonial to our website, we will only do so with your explicit prior consent.

When registering for an event, we collect:

• Financial information (e.g., debit or credit card number)
• Billing name and address

This information is required in order to perform the transaction associated with event attendance. Please note, Widen uses third-party service providers for these activities and does not handle or otherwise process this information internally. These third-party service providers are data controllers. They make their own decisions concerning the purpose and means of processing your personal data.

Widen as a data processor

When Widen acts as a data processor, it is acting only on the instructions of a data controller and on that controller’s behalf.  Acting as a data processor Widen is providing a service to and acting on behalf of a data controller.  Widen’s actions are generally governed by a Master Service Agreement (MSA) and/or a Data Processing Agreement (DPA) or other formal contract. When you are an active user of our Services, such as any of the Widen Collective® applications, Widen is acting as the data processor.  We may collect personal and non-personal information for these purposes and only require information that is necessary for us to provide our Services and fulfill our contractual obligations to the data controller, which typically but not always is your organization or a third-party partner of your organization.

As an active user of our Services, we collect your:

• Name
• Email address

Beyond this, your organization defines the categories and type of information that we may collect while you use our Services.

All information is processed pursuant to the terms of our contract with the data controller, with your name and email address required in order to authenticate you as an authorized user.

How your information may be shared

Widen contracts with third-party service providers to support the execution of certain activities described above, such as:

• Website analytics
• Billing services (e.g. to support event registration)
• Data hosting

These service providers are authorized to use the data only as necessary to provide the contracted Services and Widen evaluates and makes efforts to ensure that all such providers value your privacy as much as we do.

Further, Widen reserves the right to use or disclose information provided if required by law or if Widen reasonably believes that use or disclosure is necessary to protect Widen’s rights and/or to comply with a judicial proceeding, court order, or legal process. In these circumstances, and as allowed, Widen will contact you in advance of the disclosure.

Widen does not share, sell, rent, or trade your personal data.

Security safeguards

Security controls

At Widen, we are committed to ensuring your personal data stays personal. We have put in place technical, physical, and organizational security measures to prevent unauthorized access or disclosure of your data. All of our websites and Services are designed with security in mind, and all of our staff are aware of and trained on privacy and security principles and best practices.

Data retention

It is our policy to retain your data for a period of time which is consistent with the original purpose(s) of collection. Personal data automatically collected by our websites is retained for no more than five years from the date of last activity. Personal data collected where Widen is acting as the data processor is retained through the life of the contract and no more than 30 days beyond expiration or as otherwise defined within the customer contract.

Protecting children online

We request individuals under 16 years of age not provide personal data to Widen. If we learn that we have collected the personal data from an individual under the age of 16, we will take steps to delete the information without undue delay.

Data privacy rights

Widen appreciates your business and the trust you have put in us and will do its best to offer these personal data rights to all individuals regardless of where in the world they are located. In general, you have:

• The right to be informed. This means anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed to.
• The right of access. This is your right to see what data is held about you by a data controller. For active users, your organization (Widen’s customer) is the data controller. For website visitors, event attendees, and news alert recipients, Widen is the data controller.
• The right to rectification. The right to have your data corrected or amended if what is held is incorrect in some way.
• The right to erasure. Under certain circumstances, you can ask for your personal data to be deleted. This is also called “the Right to be Forgotten.” This would apply if the personal data is no longer required for the purpose(s) it was collected for, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed.
• The right to restrict processing. Under certain circumstances, you can ask for a temporary halt to the processing of personal data, such as in the case where a dispute or legal proceeding is taking place.
• The right to know and opt out of selling or sharing. As defined by the California Consumer Privacy Act (CCPA) and more recent California Privacy Rights Act (CPRA), Widen does not sell or share personal information.

Widen shall not discriminate against a consumer because the consumer exercised any of the above rights.

We will do our best to provide information to you on any action taken on these requests within 30 days of receipt of the request. We will notify you if there is a delay in responding to the request.

To exercise these rights, please send an email to dpo@widen.com.

You can also contact us by writing to us at the following address:

Widen Enterprises, Inc.
Attention: Data Privacy Officer
6911 Mangrove Lane
Madison, WI 53713

Or to our representative in Europe:

Abbey Place
24-28 Easton Street
High Wycombe
Buckinghamshire
HP11 1NT

General Data Protection Regulation

As an international company with customers and users in the European Economic Area (EEA), Widen complies with the requirements of the General Data Protection Regulation (GDPR).

Lawful basis for processing

As a data controller, Widen processes your personal data under the following lawful basis:

• Legitimate interest, such as to improve our websites and service offerings
• Consent, such as to post your testimonial, fulfill your request for contact, or complete event registration
• Legal obligations, such as compliance with applicable accounting rules and mandatory disclosures to law enforcement

As a data processor, Widen is providing a service to and acting on behalf of a data controller, and all personal data processing activities are governed by a Master Services Agreement (MSA) and a Data Processing Agreement (DPA) or other formal contract.

Cross-border and onward transfers

The data that we collect is primarily processed in the United States. To facilitate our global operations, we maintain offices in the USA and in the UK, and may transfer and access data between those locations in compliance with the GDPR.

Certain Widen services comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. However, in response to the July 16, 2020, ruling of the Court of Justice of the European Union (CJEU) that invalidated Privacy Shield, Widen no longer relies upon Privacy Shield as a valid mechanism for data transfers.

Widen has and will continue to rely upon standard contractual clauses (SCCs) and explicit informed consent for the transfer of personal data from the EU to the US, and through those mechanisms and the use of technical safeguards, Widen will continue to protect data in accordance with the principles of the GDPR.

Sub-processors

To learn more about how Widen selects and engages with sub-processors, as well as the sub-processors used to support our Services, click here.

Where Widen is the data controller, you may request to review, correct, delete, or otherwise modify any of the personal information that you have previously provided to us. There are a few self-service options available to you:

• If you have registered for an account with Widen, you may generally update your user settings and profile by logging into the applicable service with your username and password and editing your settings or profile.
• You can manage your receipt of marketing and non-transactional communications by unsubscribing via a link in our emails.
• To update your billing information, discontinue your account, and/or request return or deletion of your data associated with your account, please contact support@widen.com.

For other requests to access, correct, modify, or delete your data, please review the “Contact Information” section below. We appreciate our customers and would like to continue to communicate with you about news and issues we believe would be of interest to you.

Cookie policy

We use cookies and web beacons to make interactions with our websites easy, meaningful, and personalized. Cookies are small text files sent by us to your computer or mobile device, which enables features and functionality. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. You can control the use of cookies within the options functionality of your browser, but if you choose to disable cookies, it may limit your use of certain features or functions on our websites.

Widen uses the following categories of cookies:

• Strictly necessary
• Performance
• Advertising
• Web beacons

Strictly necessary cookies: Used on both our websites and within our Services

These cookies enable you to navigate our websites and use their features. If you have chosen to identify yourself to us by signing up for a Service, we may place cookies containing a unique identifier on your browser. These cookies allow us to identify you when you are logged into one of our websites or Services and to process your online transactions and requests.

Performance cookies: Used only on our websites

These cookies allow our websites to remember the information you have entered or the choices you have made and provide you with a more personal experience. These cookies also enable you to optimize your use of our website after you have logged in. Performance cookies improve how our websites function and perform. They enhance and customize your interactions with us, and help us provide you with more relevant messages.

Widen may use third parties to track and analyze the usage and volume of statistical information from website visitors, event attendees, and customers to provide enhanced interactions and more relevant communications, and to track the performance of Widen’s advertisements. Widen’s third-party partners may also utilize HTML5 local storage. HTML local storage is different from browser cookies because of the amount of, type of, and how data is stored.

Advertising cookies: Used only on our websites

We sometimes use cookies delivered by third parties to show you ads for Widen that we think may interest you on any devices you may use and to track the performance of our advertisements. For example, in these cases, cookies remember information such as which browsers have visited our website. The information provided to third parties does not include personal data, but this information may be reassociated with personal data after we receive it.

Widen also contracts with third-party advertising networks that collect IP addresses and other information from web beacons on Widen’s websites, from emails, and on third-party websites. These technologies may recognize you across the different devices you use, such as a desktop or laptop computer, smartphone, or tablet. You may see these advertisements on other websites or mobile applications on any of your devices. This process helps us manage and track the effectiveness of our marketing efforts.

Web beacons: Used on our websites and within electronic marketing material

Web beacons are used to improve your experience on our websites and within our marketing services, including to help us provide you with content customized to your interests. A web beacon is a clear electronic image that can recognize certain types of information on your computer, such as cookies, when you viewed a particular website, or interacted with a service tied to the web beacon. For example, they also help us to understand whether users read email messages and click on the links contained within those messages so that we can deliver relevant content and offers.

Do not track

Currently, various browsers — including Edge, Chrome, Firefox, and Safari — offer a “do not track,” or DNT, option that relies on a technology known as a DNT header, which sends a signal to websites visited by the user about the user's browser DNT preference setting. Our websites do not collect personal data about your online activities over time and across third-party websites or online services. Therefore, DNT signals transmitted from web browsers do not apply and we do not alter any of our data collection and use practices upon receipt of such a signal.

Opt out of cookies

Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers, you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy. What this means is that you can disallow cookies from all sites except those that you trust. Some of our Services will not function properly when cookies are disabled.

Policy maintenance

We may update this Privacy Policy occasionally as we add new products and services, as we improve our existing products and services, and as technologies and laws change. Any changes will become effective upon our posting of the Privacy Policy.

We will provide notification of a material change to this Privacy Policy through our websites or email at least 30 business days prior to the material change taking effect and, where required by law, we will obtain your consent.

This is the current version of our Privacy Policy, effective September 14, 2021.

Contact information

Questions regarding this Privacy Policy or our information practices should be directed to privacy@widen.com.

For all other inquiries, contact support@widen.com.