At Conjura, we are committed to protecting and respecting data protection and privacy rights. Please take a moment to read this Privacy Statement to find out more about why and how we collect, process and use personal information.

Who we are

Corbett Quilty Limited trading as Conjura (“Conjura”) and located at Block 9 & 10, Belfield Office Park, Clonskeagh, Dublin 4.

When processing personal data, Conjura acts as a data processor for companies (our “Clients”) that request Conjura to provide them with Services. Our Clients provide products and services to their customers, being living individuals or data subjects (the “End Users”). Our Clients are the data controllers of the End Users’ personal data.

Data we process

As a data processor, Conjura processes the personal data which is provided to us by our Clients. Depending on the specific nature of the Services being provided, we will process the following personal information on behalf of our Clients:

  • End User / Customer IDs from web analytics platforms like Google Analytics. These IDs are numeric or alphanumeric IDs and on their own cannot identify a person.
  • Device Fingerprint IDs from web analytics platforms like Google Analytics.
  • End User / Customer IDs from Payment / CRM / E-commerce platforms. These IDs are numeric or alphanumeric IDs and on their own cannot identify a person.
  • End User / Customer names from Payment / CRM / E-commerce platforms.
  • End User / Customer email addresses from Payment / CRM / E-commerce platforms.
  • End User / Customer physical addresses from Payment / CRM / E-commerce platforms.

(collectively the “End User Data”).

Why we process personal data

Conjura uses End User Data to provide insights at an aggregated level for Clients. The End User Data is processed by Conjura only for the purpose of providing services to our Clients, including:

  • cleaning, formatting and joining End User Data in order to build dashboard insights for Clients;
  • providing aggregated data insights such as
    • Total marketing costs
    • Total revenue
    • Number of website sessions
    • Number of transactions
    • Website conversion rate by device
    • Marketing ROI by channel, campaign and device
    • Cost per transaction / cost per acquisition by channel, campaign and device
    • Long term value by channel
    • New .v. existing customer transaction volume

(collectively the “Services”).

The source of personal data

Conjura accesses End User Data via Application Programming Interfaces (“APIs”), (for example, the Google Analytics API), to which Clients give Conjura access in order to access the relevant End User Data. Conjura shall only process the End User Data in accordance with the documented instructions of Clients and for the purpose of providing the Services described in this Privacy Statement to the Clients. The documented instructions of our Clients is normally contained in the statement of work which we agree with them.

Sub-Processors

Conjura from time to time instructs services providers to provide services to Conjura. These service providers process End User Data on Conjura’s behalf and are therefore the Clients’ sub-processors (“Sub-Processors”). For example, we use the following Sub-Processors to help us deliver our Services:

  • Amazon Web Services
  • Tableau Online

Sub-Processors are bound by the same or equivalent terms to which the Conjura is bound with its Clients. Conjura will inform its Clients of the Sub-Processors that process End User Data on behalf of Conjura and Conjura will inform its Clients of any intended changes concerning the addition to, or replacement of, the Sub-Processors.

Conjura will give its Clients the opportunity to object to any changes to the Sub-Processors. Clients may reasonably object to Conjura’s replacement of a Sub-Processor or use of a new Sub-Processor by notifying Conjura in writing. Clients shall be deemed to have authorized the engagement of a Sub-Processor if the Client does not so object.

Data retention

In accordance with data protection principles, Conjura will not keep or store End User Data for any longer than is necessary. A core element of Conjura’s Services involves the comparison of current performance with historical performance. Conjura only retains the underlying data needed to generate these comparisons and insights for the duration of Conjura’s commercial relationship with our Clients, unless directed otherwise by our Clients.

Data Subject Rights

Conjura will notify Clients without undue delay if it receives:

  • a complaint or request from an End User or data subject relating to the Client’s data protection obligations; and / or
  • any other communication from End Users or data subjects relating directly or indirectly to the processing of End User Data on behalf of the Client; and / or
  • any communication from a data protection regulatory body relating to End User Data processed by Conjura on behalf of the Client.

Data security

Data security is of paramount importance for us. Conjura will always access End User Data via an encrypted connection, and the End User Data which Conjura accesses is stored on Amazon AWS servers located in Dublin, Ireland. While Amazon, as a leading cloud services provider, has security safeguards put in place, Conjura has implemented its own additional data and security safeguards, including:

  • Restricted network access to those databases, so they are not publicly reachable;
  • Encryption of specific End User Data in the database where necessary;
  • Encryption of the server disks themselves hosting the database using Advanced Encryption Standard (AES) 256 encryption provided by Amazon Relational Database Service (“RDS”); and
  • Access to Conjura’s servers only by Secure Shell (“SSH”) using RSA key encryption.
  • Ensuring that Conjura’s employees or personnel are authorised to process the End User Data and that they have committed themselves to maintaining the confidentiality of the End User Data and are under an appropriate statutory obligation of confidentiality in relation to such End User Data.

International data transfers

In some cases the personal data we collect from you might be processed outside the European Economic Area (“EEA”). These countries may not have the same protections for your personal data as the EEA has. However, we are obliged to ensure that the personal data that is processed by us and our suppliers outside of the EEA is protected in the same ways as it would be if it was processed within the EEA. There are therefore certain safeguards in place when your data is processed outside of the EEA.

We ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • your personal data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • where your personal data is transferred to third party providers based in the US, data may be transferred to them if they have self-certified under the Privacy Shield framework in relation to the type of data being transferred, which requires them to provide similar protection to personal data shared between the EU and the US; and/or
  • appropriate derogations prescribed in data protection laws.

Please contact us using the contact details at the bottom of this document if you want further information on the countries to which personal data may be transferred and the specific mechanism used by us when transferring your personal data out of the EEA.

Data breaches

A data breach means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, End User Data transmitted, stored or otherwise processed by Conjura (a “Data Breach”). Conjura has implemented appropriate and technical measures in order to prevent the occurrence of any Data Breach. In the event however that a Data Breach does occur, Conjura shall take the following steps:

1. Discovery and Investigation of a Data Breach

When Conjura becomes aware of an actual or potential Data Breach, Conjura shall immediately implement its Data Breach Response Plan. In this regard, Conjura shall begin an investigation into the Data Breach.

As part of this investigation, a Conjura investigator will be responsible for the management of the Data Breach investigation, completion of a risk assessment, and coordinating with others in the organization as appropriate (e.g., administration, security incident response team, human resources, risk management, public relations, legal counsel, etc,). As part of the investigation, the investigator will conduct a risk assessment, and based on the results of the risk assessment, will begin the process of notifying any Clients affected by the Data Breach.

2. Notification to Clients

When Conjura becomes aware of a Data Breach, Conjura shall without undue delay notify any affected Clients of the Data Breach. Conjura will notify any affected Clients of the Data Breach via email and / or telephone.

3. Record of Data Breach

In respect of any Data Breach of which Conjura becomes aware, Conjura shall keep a record of the occurrence of that breach. Such record will contain:

  • A brief description of what happened, including the date of the Data Breach and the date / time of the discovery of the Data Breach, if known;
  • A description of the categories of personal data and categories of data subjects that were involved, if known;
  • Any effect the Data Breach may have on End Users and any steps End Users may need to take in order to protect them from potential harm resulting from the Data Breach; and
  • A brief description of the investigation carried out by Conjura and any remedial actions taken in order to mitigate harm to End Users, and to protect against further Data Breaches occurring in the future.

Changes to this privacy statement

This Privacy Statement was last updated on 22nd May 2018. Conjura may from time to time revise or amend this Privacy Statement. If any change to this Privacy Statement materially affects Clients or End Users, Conjura will send a notice to Clients to advise of such changes and allow Clients a reasonable time before any proposed changes take effect.

Contact us

Ronan McDonnell is our Head of Privacy. Any requests, queries or complaints in respect of Conjura’s processing of End User Data or in respect of this Privacy Statement can be directed to privacy@conjura.com.