Data Privacy

Crownpeak Technology Inc.(hereafter also referred to as “we”) takes the protection and security of the personal data of users of its website very seriously. We naturally comply with statutory regulations on data protection, treating both the personal and non-personal data of our users with the prescribed care. With this Privacy Policy, we inform you – in accordance with our statutory obligations – about the collection, processing and use of personal data both on and in connection with our website. Further, we explain to you how so-called usage data, which despite being not personally identifiable is still relevant, is collected and used.

I. Visiting our website

You can visit our website without entering or otherwise sending any personal data at all. During your visits to our Internet platform, we only collect and store personal data if you have actually disclosed it to us yourself (cf. Item II below).

When using our website, however, some data will always be collected - the so called usage data:

1. Cookies

Our website – like virtually all websites – sets so-called “session cookies”. Cookies are miniature files that are stored on your hard disc, specifically allocated to the browser you use, through which the party setting the cookie receives certain information. For instance, session cookies allow data to be retained that has been entered on a form and is subsequently needed again on other pages. After the respective session has ended, any such data that was generated during the session is removed; the session cookie is erased.

In the event that you want to stop cookies being used, your browser settings can be adjusted to prevent the acceptance and storage of new cookies. Browser settings can also be adjusted such that before any cookies are set, you will be asked whether you agree to this being done. Finally, any cookies already set can be erased at any time. If you want to find out how to do this with your particular browser, you can refer to the explanatory notes in the browser’s “help” section. Please remember that if you do not allow cookies or constantly erase them, you may find that you only have restricted use of our website.

2. Web analytics

2.1 Method and purpose

We use web analytics tools on our website to analyse data traffic. For instance, we learn from such web analytics tools which pages on our website are visited particularly frequently, at what times our website is used most, whether users find us with the help of search engines or more through hyperlinks installed on other websites, how many pages are called up on average, from which countries and places in the world users visit our website, and statistics on the browsers and operating systems that are most frequently used by our users.

The data containing such information is cumulatively optimised in statistical terms, not in relation to individual users. The statistical information thus obtained helps us to get a clearer understanding of how visitors use our website. We use it continuously to make technical and editorial improvements and to enhance the look-and-feel of our website and make it more convenient for users. The statistical information we get on the browsers and operating systems that are used also enables us to optimise our web design accordingly.

The tools that are used for web analytics are explained below. If you do not agree to your usage data being stored and used by the respective tool as described below, you can deactivate collection of the data by following the instructions given below, thus actively indicating that you object to the collection and use of data for web analytics purposes.

2.2 Tools used

2.2.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. (“Google”) based in the USA. Google Analytics also uses cookies (see above for information on cookies). The information about your use of the website that is generated by the cookie is generally transferred to one of Google’s servers in the USA, where it is stored. Since an IP-address anonymizer enabled by Google is activated on our website, your IP-address is first of all abbreviated by Google in countries inside the European Union (EU) or belonging to the European Economic Area (EEA); only in exceptional cases is the full IP-address transferred straight to a server used by Google in the USA and subsequently abbreviated there.

Under instructions from Crownpeak Technology Inc., Google will use this information to analyse your use of the website, to compile reports on activities on the website, and to provide the website operator with further services relating to use of the platform and internet usage. The IP-address transferred by your browser when Google Analytics is used is not linked up to any other data held by Google.

Further information on Google Inc. and Google Analytics can be found at:

2.2.3 Pardot

Pardot is a web analytics service operated by Salesforce., based in California. Pardot also uses cookies from time to time, whereby so-called “web beacon” technology may be used here as well. Like other web analytics tools, Pardot records specific usage data such as:

  • Browser type / version
  • Click stream (i.e. the pages on our website that you have visited)
  • The time you spent on each page
  • Date and time of first and last request
  • Company DNS name
  • City and country

As long as you as a user have not entered any personal data on or through our website (e.g. for looking up materials, subscribing to our newsletter, etc.), Pardot merely serves the same purposes for Crownpeak as Google Analytics and indicates web trends. We only make further use of any data collected if you have actively entered your personal data and if you have issued us with a declaration of consent (see Item II).

Further information on Pardot can be found at:

2.2.4 Hotjar

This website uses, a web analysis tool developed by Hotjar Ltd, Level 2, to anonymously record the interactions of individual visitors with the website.

This results in a log of mouse movements and clicks, for example, with the aim of showing improvement possibilities for the respective website. In addition, information on the operating system, browser, incoming and outgoing links, geographical origin, as well as resolution and type of device are evaluated for statistical purposes.

This information is not personal and will not be shared with third parties. When you visit a Hotjar-based Web site, you may opt out of Hotjar collecting your information at any time by going to our opt-out page and clicking 'Opt Out Hotjar' or enabling 'Do Not Track (DNT)' in your browser. More information about Hotjar's privacy policy can be found here.

2.2.5 Drift

Drift collects, processes and stores Personal Data about people who chat with the Customer via Drift or who reply to the Customer’s email marketing campaigns, only as directed by the Customer. Drift does not sell any Contact Data collected on behalf of the Customer or market Drift Services to the Customer’s site visitors.

Categories of Data Subjects:

Customer’s end-user customers or prospects

Customer’s employees or other authorized users or administrators of Drift

Categories of Personal Data:

  • Name
  • Contact information (company, business email address and phone number)
  • IP Address*
  • Cookie Data**
  • Photographs (we will use photographs of Customer employees if the Customer is routing the chats to them after bot qualification)

*Drift will only use the IP address for data enrichment, i.e. to determine if it is associated with a business and then give you additional information re: that business such as industry and # of employees).

**Drift will only use cookies to track the activities of your site visitors within your site, e.g. whether they visited a particular product page or the pricing page before engaging with the messaging widget. Drift will NOT track users across domains or build profiles.

2.2.6 Twentrythree

Twentythree is used by us to display our videos and to measure and analyze the performance of those videos. We also use Twentythree to give you easy access to our videos using embedded forms. Twentythree collects the following data:

  • email address
  • First name and surname
  • telephone number
  • Address, State, Province, Postcode, City
  • IP address
  • Company data such as turnover, turnover, address and central information.
  • Cookies and usage data

We use the collected data to reach you with newsletters, marketing or advertising campaigns, information material and other information that may be of interest to you. You may unsubscribe from any or all of these communications at any time using the unsubscribe link or instructions contained in any email we send.

2.3 Excluding web analytics; your right to object

You have the right to object to your usage data being collected for web analytics purposes. To this end, you can prevent the data that is generated by the cookies and relates to your usage of the website (including your IP-address) from being collected and processed by taking the following steps:

2.3.1 Google Analytics

Download and install the browser add-on provided at the following link:

2.3.2 Pardot

To prevent Pardot from doing any further web analytics, please click here and change the setting to “Opt Out”.

This sets an opt-out cookie that prevents any further web analytics. Data, if any, is then only collected from the web beacons used, but such data can no longer be combined with the information generated by cookies for the specific browser; it is therefore anonymous and cannot be used for creating a user profile.

2.4 Maintaining opt-out status

The web analytics tools remain deactivated as long as the add-on is not deactivated or deleted, or as long as the opt-out cookie is not removed. Do not therefore erase the add-on or the cookie as long as you do not wish either form of web analytics to be done. The add-on and the opt-out cookie are set for each individual browser or device; so if you visit our website with different browsers or on different devices, you will have to install the add-on and/or set the opt-out cookie separately for each one.

2.5 Targeting/Advertising

Crownpeak uses third party cookies from external websites (including: LinkedIn, Facebook, Twitter, Xing, Google Adwords) to serve you with information that may be relevant to you and your interests. The information may also be used for frequency capping purposes (e.g., to ensure we do not display the same advertisement to you repeatedly) and to help us regulate the advertisements you receive and measure their effectiveness.

Further information about the LinkedIn Insight-Tag can be found here:

LinkedIn Insight GDPR

II. Personal Data

1. Data Privacy

When making an online reservation, your connection and reservation data is stored with Etzensperger Informatik AG, Kirchweg 24, CH-3366 Bettenhausen in Switzerland. The company provides the online reservation system edoobox and guarantees the confidentiality of the data in the system. By submitting an online reservation, you agree that your connection and reservation data may be processed by Etzensperger Informatik AG. The reservation and connection data is stored and processed exclusively to secure system security and in contractual performance of the reservation agreement with Crownpeak Technology Inc. Should you not wish to have your data processed by Etzensperger Informatik AG, you may send us your reservation by mail or fax.

A separate Privacy Policy applies for our Community.

2. Use of personal data

2.1 Basic principle

We only use the data to meet your own requests (for example the email address to send you the newsletter). Only if you have issued us with a separate declaration of consent will we link up the personal data you have provided with the usage data collected by Eloqua, so that we can adapt our website to fit your needs and specifically draw your attention to points of interest.

In addition, by submitting your e-mail address, you allow us to contact you personally and to inform you about services and products of Crownpeak Technology Inc.. This does not apply to our newsletter and event invitations, for which we require your separate consent.

2.2 Unsubscription

If you have provided Crownpeak Technology Inc. with your e-mail address for the purpose of obtaining information, but now explicitly no longer wish to receive this information electronically, please simply unsubscribe from any further communication.

III. Right to receive information, right to have data corrected and deleted

We will inform you at any time on request whether we have stored any of your personal data, and if so which data relating to your person we have stored. You can also at any time ask us to correct, block or delete your personal data; to do this, simply contact us at the following address: The only data which may not be deleted is data that we need for handling outstanding assignments or for asserting our rights and making claims, and data which we are obliged to retain by law; such data will then be blocked.

IV. Declaration of Consent Demo-Instance

Agreement concerning non-disclosure of confidential information and regulations on handling personal data in the context of providing a demo instance


By using work computers and business addresses to log into the FirstSpirit test environment, the prospective partner’s employees are acting on behalf of and on the instruction of the company referred to above. This is legitimized by Section 26 of the German Federal Data Protection Act (BDSG) and is being carried out for the purpose of forming a contract between the prospective partner and Crownpeak. Within this context, the two parties must conclude a processing contract in accordance with Section 28 of the GDPR, as Crownpeak is using the prospective partner’s data on the instruction of the prospective partner in accordance with Article 6 (1) b) of the GDPR, and not for its own purposes.

In order to discuss the possibility of the parties working together, Crownpeak is required to provide the prospective partner with confidential information. For this reason, the parties are hereby concluding an agreement concerning non-disclosure of confidential information.

1. Confidential information and documents

1.1. Confidential information refers to any information and documents identified as confidential, including items that contain confidential information (such as data storage media or documents of any kind that can be read by machines or persons). The parties hereby agree that the following information and documents pertaining to Crownpeak, the customer, or the customer’s project is/are in particular considered confidential information, even if there are any cases which it/they have not been identified as confidential:

  • Company and trade secrets
  • Balance sheets
  • Strategies, particularly marketing strategies and measures taken by the customer
  • Customer lists and price lists
  • Creditworthiness
  • Working methods and techniques
  • Access details, passwords
  • Technical data or features of services and products, such as performance specifications of services to be produced or rendered
  • Designs and sounds
  • Customer data and user data
  • Infringements of competition
  • The content of this agreement

The prospective partner shall be granted access to a demo environment whose content shall be confidential.

The non-disclosure obligations also apply to any information that is particularly relevant to persons working at Crownpeak.

1.2. Information communicated verbally shall be considered confidential if it was identified as confidential at the point when it was communicated and is subsequently confirmed to be confidential in writing.

1.3. If Crownpeak makes information that it has identified as confidential publicly available, or if this information is widely known or a third party makes it known to the prospective partner in a lawful way, the non-disclosure obligations shall not apply to this information.

2. Non-disclosure

2.1. The prospective partner must handle confidential information in strict confidence indefinitely, even after the purpose of this agreement has been achieved or this agreement has come to an end.

2.2 In particular, the prospective partner shall undertake to

2.2.1. store confidential information in a location protected from access by third parties

2.2.2. only use confidential information to the extent required by the parties’ work with one another

2.2.3. refrain from disclosing confidential information to third parties, or making it known to third parties in any other way, including verbally, without the written consent of Crownpeak

2.2.4. ensure that confidential documents it has given to employees or consultants are returned to the prospective partner when the employment relationship comes to an end or the purpose of the consulting has been achieved

2.2.5. make a record of any copies of confidential documents that are made for the purpose of giving them to employees or consultants

2.2.6. ensure that the duties arising from this confidentiality agreement are upheld by all employees and consultants, and provide evidence of this on Crownpeak's request by presenting written agreements

2.2.7. either return to Crownpeak or destroy confidential information, and any items on which confidential information is located or stored, as soon as this agreement has come to an end, no contract is formed, or a contract comes to an end; records must be kept of any instances of destruction

3. Categories of personal data, collection and storage of said data, and nature and purpose of processing

When you contact us for business reasons, we collect the following information from you:

  • First name, surname
  • E-mail address
  • Technical address details such as IP and MAC address

Processing is carried out on your request and, in accordance with Article 6 (1) b) of the GDPR, is required in order to fulfill the purpose of the agreement or take steps prior to entering into a contract. It would not be possible to proceed without this data.

The personal data that is collected shall be erased when the demo instance expires.

4. Transferring data to this parties

The aforementioned data shall only be transferred for the aforementioned purposes. Your data shall only be transferred to third parties on the aforementioned legal bases. The controller intends to transfer your data to a third country or an international organization. The transferred data may only be processed by third parties for the aforementioned purposes. In particular, your data shall be transferred to the following body for the following purposes:

Amazon Web Services Inc.
410 Terry Avenue North
Seattle, WA 98109-5210 USA

In the case of cloud services used by Crownpeak
The location in which editorial data is stored depends on the contract (EU or NON-EU).
Login data is stored in the EU and replicated in NON-EU countries.

Satisfactory guarantees of legally compliant processing have been obtained and may be requested via e-mail.

These include:

  • Technical and organizational measures taken by Crownpeak
  • ISO 27001:2013 certification for Crownpeak (TÜV Rheinland, registration no. 01 153 1800399)
  • DPA from AWS

5. Distinctions between responsibilities:

Editorial data versus personal system data

The FirstSpirit content management system stores data and documents that can be published internally or externally on various publication channels. The nature and scope of this editorial data, as it is known, depends on the purpose for which the product is being used.

Crownpeak expressly notes that it is the prospective partner’s responsibility to check whether editorial data contains personal data and take appropriate measures to safeguard it.

In addition to editorial data, the content management system stores personal data (primarily contact details of editors) that is used at various points – in the version history or in release workflows, for instance – to make contact with an editor of a page or section where necessary. This data is referred to as “personal system data”.

6. Miscellaneous

6.1. All confidential information and documents are and shall remain the property of Crownpeak. By passing confidential information on to the prospective partner, Crownpeak is not granting the prospective partner any express or indirect rights to patents, copyrights, trademark rights, or trade secrets. This applies even in cases where a contract is awarded to the prospective partner; the prospective partner is obligated to transfer to Crownpeak any property rights that it has obtained through processing and development in such cases, without any restrictions.

After giving appropriate notice, Crownpeak may visit the prospective partner’s business premises during standard business hours in order to check that the prospective partner is fulfilling the provisions of this agreement.

6.2. The prospective partner shall return all original documents, plus copies, reproductions, and summaries of confidential information or documents at Crownpeak's request, or it shall destroy them at Crownpeak's request.

6.3. Any additional verbal agreements either do not exist or are only valid if they have been confirmed as part of a written additional agreement that has been signed by both parties.

6.4. If any parts of this agreement are not legally valid, this shall not affect the legal validity of the remaining provisions. The invalid provisions shall be replaced with legally valid provisions that come as close as possible to the intended commercial purpose of the invalid provisions. German law applies to the exclusion of German private international law and the United Nations Convention on Contracts for the International Sale of Goods. The place of jurisdiction for all disputes resulting from this agreement is Dortmund.

6.5 The rights of data subjects apply in accordance with the GDPR.

6.6 If your personal data has been collected on the basis of the legitimate interests pursued by the controller (Article 6 (1) f) of the GDPR), you have the right to object to processing. All you need to do in order to exercise this right is send an e-mail to

V. Links to other websites

Our website may contain links to websites operated by other providers who are not in any way connected with ourselves (“third parties”). If you click on these links, we no longer have any influence over the data that is collected by the third party or the way it is used. Closer information about the collection and use of data in such cases can be obtained by referring to the respective provider’s privacy policy. Since the collection and processing of data by third parties is naturally beyond our control, we will not assume any responsibility for it.

Last update: April 2020

Last update: April 2020

Last update: April 2020

Last update: April 2020

Last update: April 2020

Last update: April 2020

Last update: April 2020

Last update: April 2020

Last update: April 2020

Last update: April 2020

Last update: April 2020

Last update: April 2020

Last update: April 2020