These FAQs is designed to help our customers (“Customers”, “you”) understand better how Hotjar and Contentsquare, affiliates of Contentsquare Group (“Contentsquare Group”, “we”, “us”) handle personal data of participants in research (“Participants”) through interviews and user tests capabilities of Voice of Customer product (the “capabilities” or “Interviews & User Tests”), or assist you when assessing them in accordance with applicable data protection laws.
For any question about Contentsquare Group’s security practices, please refer to the Trust Portal here.
The information contained in these FAQs does not constitute legal advice and does not form part of the agreement between the Parties. We recommend that you consult with your own legal counsel in order to obtain advice specific to your own unique situation and how you intend to use these capabilities.
Feel free to contact Contentsquare Group’s Privacy Team at privacy@contentsquare.com with any additional questions, ideas or concerns.
What services does the Contentsquare Group provide with Interviews & User Tests?
Contentsquare Group offers services connecting Participants with individuals or corporate Customers looking to get feedback on products and services through user research participation (“Researchers”, “you”).
Researchers can set up new testing or interview opportunities (“Project”) and invite Participants who match their criteria to participate in unmoderated tests (“User Tests”) or interviews (“Interviews”). Researchers can recruit their own Participants (“External Participants”), or select Participants from Contentsquare Group’s pool of participants (“Testers”).
External Participants do not create an account with us but access the platform via a unique link we generate for you to participate in a Project. Testers create an account with us to take part in a Project.
Is Contentsquare Group a Controller or a Processor for personal data processed on Interviews & User Tests? For what purpose(s)?
For managing internal business purposes:
Contentsquare Group is the data controller of any personal data shared by Registered Testers for account registration and management, contract management, marketing, payment and billing and internal development purposes. Please find more information in our Privacy Policy here.
Researchers are the data controller of any personal data shared by the External Testers for account registration and management, contract management, marketing, payment and billing purposes. We recommend that External Testers reach out to their Researchers for more information on how they handle their personal data for these purposes.
For conducting the Project on the platform:
Researchers are the data controller of any personal data shared by Testers (i.e. Registered Testers and External Testers) for conducting the Project on the platform and Contentsquare Group is the data processor of personal data on behalf of the Researchers. We recommend that Testers reach out to their Researchers for more information on how they handle their personal data for this purpose.
How and what types of personal data is processed on Interviews & User Tests?
If you recruit an External Tester for your Project:
Personal data entered by the External Tester during the booking process will be shared with you. This includes External Tester’s name, email address and any additional personal data the External Tester might have provided in the screener.
You can run Interviews with video calls on our platform, or on a third-party video platform. In the latter case, please note that we don’t store nor have access to any recording, data, notes of the session.
Here's what you will see when an External Tester sign up to be a part of your Project:
During the Interview
During the Interview, we collect the following personal data:
Recording content, including:
- Video recording of video, audio, and screen sharing
- Audio recording
- Textfile document of all in meeting chats and notes
- Audio transcript text file
- In-meeting Questions & Answers, polls, and survey information
Interview information about you and your Participants, including:
- Name and contact details
- Scheduled time for an Interview
- Topic names
Interviews are conducted by the Researcher as video calls through the platform, or through a third party tool. In the latter case, we don’t store nor have access to recording content, Interview’s information or notes.
Consent for recording the Interview
When a Tester books a session, the Tester gives their consent to create an audio and video recording of the upcoming session. They can withdraw their consent before the session at any time by canceling the session.
Interview review
After the Interview, we collect the following data: your Interview and Participant rating, your review (optional).
If you choose a Registered Tester for your Project:
To participate in your Project, Registered Testers need to register their account with us by sharing their personal data, including: name, contact details, country of residence, nationality, age, gender, marital status, job title, mobile device (“Profile”). You can invite Registered Testers to Interviews based on their Profile information that we share with you.
Tester’s Profile is hidden from other Testers and by default, from Researchers. If a Tester chooses to respond to an Interview invitation, we ask them to explicitly consent to sharing their Profile with you.
You can run Interviews with video calls on our platform, or on a third-party video platform. In the latter case, please note that we don’t store nor have access to any recording, data, notes of the session.
Successful Interview bookings
If a Tester accepts an Interview invitation and books a calendar spot for the Interview, Tester’s full Profile will be shared with you.
Here's what you will see:
Interview invitations with screener questions
If an invitation includes a form with further questions for you to determine if a Registered Tester is a good match for the Project (a “Screener”), but the Registered Tester does not pass the Screener, you won't be able to see the Registered Tester’s contact information:
You may contact the Registered Tester through Interviews & User Tests to participate in the Interview even though the Registered Tester didn't pass the Screener. If the Tester chooses to accept, the Tester’s full Profile will be shared with you as seen on the first image above.
During the Interview
During the Interview, we collect the following personal data:
Recording content, including:
Video recording of video, audio, and screen sharing
Audio recording
Textfile document of all in meeting chats and notes
Audio transcript text file
In-meeting Questions & Answers, polls, and survey information
Interview information about you and your Participants, including:
Name and contact details
Scheduled time for an Interview
Topic names
Interviews are conducted by the Researcher as video calls through the platform, or through a third party tool. In the latter case, we don’t store nor have access to recording content, Interview’s information or notes.
Consent for recording the Interview
When a Tester books a session, the Tester gives their consent to create an audio and video recording of the upcoming session. They can withdraw their consent before the session at any time by canceling the session.
Interview review
After the Interview, we collect the following data: your Interview and Participant rating, your review (optional).
What is the retention for personal data processed on Interviews & User Tests?
All recording content and interview information are deleted automatically 2 years after the date of the Interview to enable the Researcher to analyze and gain insights from the Interview.
For more information about our data retention policy, please see here.
Do we use sub-processors for Interviews & User Tests?
Yes. Contentsquare Group uses sub-processors for Interviews & User Tests. These sub-processors are affiliates of Contentsquare Group as well as third-party service providers.
Contentsquare Group’s current sub-processors for Interviews & User Tests are listed here.
We have entered into a data processing agreement with our sub-processors, ensuring that they are contractually bound by confidentiality obligations and comply with strict standards of data protection.
The use of these sub-processors may involve the transfer of personal data outside the EU. For more information, please refer to the question below.
Where is personal data processed on Interviews & User Tests stored? Do we process personal data outside the EU?
Personal data processed in Interviews & User Tests is stored in the EU (primary: AWS-EU-West-1 and AWS-EU-Central-1 as a backup).However, our affiliated companies outside the EU may access personal data for the purpose of providing our follow-the-sun 24/7 support to you. Personal data would be accessed only and not stored in these regions (personal data will remain stored in the EU).
How are data subjects’ requests handled by Contentsquare Group?
Contentsquare Group has launched a portal for managing data subject requests (“DSR”) to help our Customers respond to data subjects within the legal deadlines. Therefore, if you receive a DSR for personal data processed in Interviews & User Tests, you can forward it to Contentsquare Group via our DSR portal.
Testers can also reach out to us via the portal above for exercising their rights (e.g. right to access, delete, rectify) for any personal data shared with Contentsquare Group.
Do you need to enter into a Data Processing Agreement (“DPA”) with Contentsquare Group for these services? Why?
Yes. The DPA establishes the rules under which Contentsquare Group processes Tester’s personal data on behalf of our Customers as part of the Project.
It deals with the services provided by Contentsquare Group and is part of the agreement signed between Contentsquare Group’s affiliate and its Customers.
When are you notified in the event of a personal data breach?
In the event of a breach affecting personal data handled on behalf of our Customers, Contentsquare Group notifies you without undue delay after becoming aware of it, in accordance with applicable data protection laws and our incident management policy.
What is Contentsquare Group doing to ensure that it is compliant with applicable Data Protection Laws, such as GDPR and CCPA?
Contentsquare Group has implemented a global privacy compliance program to comply with applicable data protection laws, which include the following:
- Appointing a Data Protection Officer and Chief Information Security Officer for the group;
- Implementing a data subject request portal (here) and procedure;
- Implementing policies (data retention policy, incident management policy, vendor management policy, etc.);
- Implementing appropriate security measures;
- Signing a DPA with our processors, sub-processors and Customers.
For more information about our privacy practices, please visit our privacy page here.