Last edited on October 1, 2019
Cxense ASA and its wholly-owned subsidiaries (“Cxense”) is an Oslo-headquartered technology company. We help our customers (“Customers”) to transform their own raw data into their most valuable resource. Cxense's leading Data Management Platform (“DMP”) with Intelligent Personalization, gives companies unprecedented insight into their individual customers, and enables them to action this insight real-time, in all marketing and sales channels. Cxense Conversion Engine (“CCE”) empowers Customers to monetize insight into their audience's behaviour and preferences in order to increase subscription revenues.
If you are interested in learning about how we collect, use, and disclose information through the Cxense technology services described above (the “Platform”), this platform privacy notice (“Privacy Notice”) should give you all the information you need
If you are interested in learning how we collect, use, and disclose information through other corporate activities, such as on our corporate website, cxense.com (our “Website”), please click here
We may update this Privacy Notice by posting an updated version on this page. If you are a Customer of Cxense, then you will receive notice when this Privacy Notice is modified. We encourage you to periodically review this Privacy Notice.
What is the purpose of this document?
This document provides information about our Service and describes how we collect, use, share and otherwise process information.
Our goal is to be transparent about our business by describing our technology and services in simple terms so that you can understand our practices. We know this is complicated, so if you have any questions about this information, please contact us
1. BACKGROUND INFORMATION
What is the Cxense Platform (or the “Platform”)?
When we refer to the Cxense "Platform," we are describing the technology used by our Customers’ websites and mobile apps to increase reader engagement, convert readers to new products, and to re-engage readers when their interest drops.
We provide a number of customer facing applications to achieve this:
Cxense Data Management Platform (“DMP”)
Cxense Conversion Engine (“CCE”)
Cxense Insight (“Insight”)
Cxense Content (“Content”)
The applications listed above are used by employees of our customers, and not by our customers’ readers
The platform also refers to our underlying infrastructure components, which includes, but is not limited to the following:
Databases and file storage (“Data Platform”) - not to be confused with the DMP
APIs (1st party data APIs, Real Time APIs, Application GUI APIs)
Extract Transform & Load (“ETL”)
What do we mean by Platform Data?
The Platform is designed to use certain types of information, that all together we call Platform Data, which includes:
Information sent to or uploaded to our Platform by our customers which may include information about you, such as device identifiers, and your device location
Information sent to or uploaded to our Platform by our clients and partners that ties unique device identifier(s) to perceived interests and behavior (e.g., women, ages 40-59), which may include information about you
See "What Information we collect and use" for more details on the type of information we include in Platform Data.
For EEA Internet Users, the meaning of "Personal Data" under the General Data Protection Regulation and what this means for Platform Data
"Personal Data" is defined as any data relating to a living individual who can be identified directly from that data, or indirectly in conjunction with other information. It can take the form of a name or address, and can extend to unique identifiers, IP addresses and other identifiers which do not tell us who an Internet user is in the "real world" but may, when combined with other information, allow the identification of a living individual.
We do not collect personal data that identifies you as an individual in the "real world." When you (an Internet user) visit a Digital Property that has integrated our technology or that uses technology that integrates with our Platform, we do not know your name or email address or other information that directly identifies you. We take care to ensure that we do not collect any information that tells us who you are.
Instead, when you first visit a Digital Property that has integrated our technology, this triggers a request to our Platform to collect data for analytical purposes, load recommended content or measure information about the usage of what is currently viewed. When this occurs, we assign a random unique identifier (a Digital Identifier) a "Cxense ID," to your browser or device, which allows the Platform to automatically recognize your browser or device the next time it visits another Digital Property that has integrated our technology. This type of "pseudonymous data" is defined as "Personal Data" under the GDPR.
This allows our clients and certain third party provider to sync their own Digital Identifiers against this Cxense ID so that our clients and certain third party provider can use their own data on the Platform that they may have associated with their own Digital Identifiers.
Cookie use by the Platform
The Platform generates unique identifiers for web browsers and stores those identifiers via cookies and/or other means, such as “local storage”
The Platform on mobile, OTT and other native applications uses identification standards, when available, provided by the respective platforms, such as IDFA and AAID.
The Platform uses unique identifiers to distinguish between unique devices. This is used to store data for analytics, analysis of user audience segments for analytics and advertising, and content recommendations.
The Platform uses unique identifiers to store and manage reporting data for clients, such as, for example, the aggregated traffic details for particular URLs, unique user calculations for a given web page, tracking individual device traffic and for giving back to the device user and a selection of content that is determined to be interesting to them.
The Platform uses non-unique identifiers (stored in cookies or other means on the client) to store users' opt-out choices.
Cookies can play a role in Cross-Device linking in that cookies from different browsers or devices might be associated with each other.
Some browsers or other software may be configured to block 3rd party cookies, domains or content by default.
This privacy statement describes how Cxense collects, uses, shares or otherwise processes Platform Data. It may describe how Cxense enables or allows clients and third-party providers to use Platform Data, but otherwise does not apply to our clients' or other third parties' practices.
Companies using the Platform own their own data. That's part of what makes it a Platform.
What information does Cxense collect and use?
Cxense stores the Personal Data it receives from Customers pursuant to a legal contract containing binding obligations on Cxense, including limiting its processing of Personal Data only on instruction of the Customer and assisting the Customer in complying with its own obligations under applicable law. We may set additional rules for our Customers regarding how data is collected and used on the Service, but such data is collected and used subject to the individual privacy notice for each Customer.
The table below lists the data stored by Cxense. The way we capture and transmit this data is described here
|Device||Browser||Chrome, Firefox, Safari|
|Device||Browser language||en-us, en, ja-jp, ja, en-gb, no|
|Device||Browser version||Chrome 76, Firefox 67, Safari 12|
|Device||Color depth||24, 32|
|Device||Connection speed||Broadband, Mobile, XDSL|
|Device||Device type||Desktop, Mobile|
|Device||IP address* owner||Telenor norge AS, Orange UK|
|Device||Mobile brand||Apple, Huawei|
|Device||Operating system||Macintosh, Linux, iPhone OS, Android, Windows|
|Device||Screen resolution||2560x1440, 375x667|
|Location||City||Oslo, Tokyo, Singapore, Bangkok|
|Location||Country||no, jp, sg, be, th|
|Location||Metro Code||Oslo, Kanto, Lorenskog|
|Location||Postal Code||1270, 150-002|
|Location||Province||uk-gre, no-03, jp-13|
|Location||Region||Greenwich, Oslo, Akershus, Bruxelles-capitale|
|Location||Time zone offset||-60, -120, -540|
|Search query||Exit link query||“cake recipes”|
|Search query||Query||“cake recipes”|
|Search query||Referrer query||"cooking dinner"|
|Source & Destination||Exit link host||help.cxense.com, cxense.com|
|Source & Destination||Exit link URL||http://help.cxense.com/docs/contact-us|
|Source & Destination||Host||help.cxense.com|
|Source & Destination||Referrer classification||internal, direct, other, social, search|
|Source & Destination||Referrer host||google.com, yahoo.com, lnkd.in, linkedin.com|
|Source & Destination||Referrer search engine|
|Source & Destination||Referrer social network||Linkedin, Twitter|
|Source & Destination||Referrer URL||http://help.cxense.com/docs/what-do-we-do|
|Source & Destination||Site||1135174217507879744|
|Source & Destination||URL||http://help.cxense.com|
|1st party data||Age||25-34, 35-44, 18-24, 45-54|
|1st party data||Gender||male, female|
|1st party data||Member||Yes, No|
|1st party data||Subscriber||Yes, No|
|1st party data||Subscription type||Weekly, Monthly, Annual|
|Custom parameters||Site’s own custom data||Article position, A/B test group, Load delay, IsSubscriber|
|Event type||Type||Impression, Click, Newsletter signup, Order successful, Purchase|
|Performance parameters||Site’s own custom data events||Conversion type, visibility event on viewing subscription banner|
|Site Content||Acronym||Major League Baseball|
|Site Content||Author||Ellis Kube|
|Site Content||Category||Sports, World, Science, Entertainment|
|Site Content||Classification||Travel, Careers, Pets|
|Site Content||Company||Bloomberg, Air France|
|Site Content||Concept||Police, Climate change, Gun violence|
|Site Content||Entity||White House|
|Site Content||Location||Chine, Hong Kong, US, London|
|Site Content||Page classification||Article, Front page|
|Site Content||Person||Greta Thunberg|
|Site Content||Taxonomy||articles/politics, articles/sports|
|User interest||Categories||News, Sport, Careers/Jobs, Politics, Lifestyle, Cars, Fashion, Food|
*IP addresses are collected and transmitted to Cxense, but we do not store the information on our servers
Mobile Device Identifiers
Cxense uses mobile device identifiers such as the Android Advertising ID and Apple iOS IDFA in connection with the Service where Customers ask Cxense to store this information collected via Customer Sites. Mobile device identifiers enable users to be uniquely identified, thus enabling the Service to store and provide ad targeting data to our Customers.
No Personal Data of Children
In accordance with industry standards and law, we do not knowingly collect, administer, or enable the commercial use of Personal Data relating to children less than 13 years of age (or 16 if the age of consent is higher in a particular country), or permit our Customers to provide us such data. If we become aware that a Customer has provided us with any Personal Data of children that would require compliance with applicable laws such as the Children's Online Privacy Protection Act of 1998 or Article 8 of the General Data Protection Regulation 2016/679 (“GDPR”), then we will delete this data from our databases.
No Sensitive or Special Categories of Data
We do not knowingly (or permit our Customers to use the Platform to) collect, use, or store sensitive or special categories of Personal Data, including the following:
Special categories of personal data as defined in Article 9 of the GDPR, including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data uniquely identifying a natural person, or data concerning a person’s sex life or sexual orientation.
Sensitive data including Social Security Numbers or other Government-issued identity cards, financial account numbers, information about an individual's health or medical conditions or treatments, including genetic, genomic, and family medical history
Cxense collects Personal Data submitted to us directly through the Websites or mobile apps. Cxense offers the Service to Customers to collect Personal Data of visitors or users of their Customer Sites or mobile apps.
Cxense and its Customers use a number of different technologies to collect data and to operate the Platform, including any or all of the following:
Persistent cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie. The cookie expiry time is shown in the table below.
Session cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted. Cxense cookies can be further categorized as “Performance” or “Targeting”
Performance cookies collect information about how you use a Customer Site and if you experience any errors. These cookies help our Customers: (i) improve how their Customer Sites work; (ii) understand the interests of their users, and (iii) measure the effectiveness of their advertising. We use performance cookies to:
Carry out web analytics: Provide statistics to our Customers on how their Customer Sites are used
Perform affiliate tracking: Provide feedback to affiliated entities that one of our visitors also visited their site
Obtain data on the number of users of a Customer Site that have viewed a product or service
Help our Customers improve the Customer Sites by measuring any errors that occur
Test different designs for the Service
Targeting cookies are used to track your visit to a Customer Site, as well other websites, apps and online services, including the pages you have visited and the links you have followed, which allows our Customers to display targeted ads to you on a Customer Site using the Service. We may use targeting cookies to:
Display targeted ads within the Customer Sites.
To improve how a Customer delivers personalized ads and content to its users, and to measure the success of ad campaigns on the Customer Sites
Browser Local Storage
Web applications can store data locally within the user's browser via what is called “local storage”.
Unlike cookies, the storage limit is far larger and information is not automatically transferred to web servers via browser connections.
Local storage is per origin (per domain and protocol). All pages, from one origin, can store and access the same data.
Information stored in cookies and local storage
Two first-party site-specific cookies are set on the domain of the site, and are used to identify the user on your site both within a session and across sessions. These cookies are named cX_S and cX_P respectively. The corresponding localStorage entries are also set, named _cX_S and _cX_P respectively. The identifiers can be accessed both on the client side or the server side. On the client side, cX_P can be read out via the cX.getUserId() function call. On the server side, the cookies can be read via standard mechanisms, such as cX.getCookie("cX_P")
In addition, and if the client supports and allows it, two third-party cookies are set to enable the building of session and cross-session user profiles that span all sites in the Cxense network. These are named gcks and gckp respectively.
A cX_T cookie can in some rare cases be seen. It is only set briefly, and then immediately deleted. This cookie holds a random value and is just used to find the top-level domain of the site. For example, we use this cookie to find out that ibm.com is the top-level domain of www.ibm.com and that bbc.co.uk is the top-level domain of www.bbc.co.uk
The above cookies are always set when using Cxense services. In addition, when using particular services or particular features of those services, some additional cookies can be set:
When using DMP segments for ad targeting with third-party systems, the current segment identifiers that the current user is a member of is cached on the client using one local storage token:
|Cookie name||Type||Lifetime||Object||Domain||Cookie||Session||Site specific user session – single session||First|
|Cookie||365 days||Site specific user session – across sessions||First|
|Cookie & Local Storage||365 days||Global ID mapping different ids together into one ID||First|
|Cookie||Session||For building session information across all sites in the Cxense network||Third|
|Cookie||365 days||For building user profile information across all sites in the Cxense network||Third|
|Local Storage||No expiry||For recording consent||First|
|Local Storage||365 days||When using DMP segments for ad targeting with third-party systems - the list of segment identifiers||First|
|Cookie||Temporary||Set briefly, and then immediately deleted. This cookie holds a random value and is just used to find the top-level domain of the site||First|
|Local Storage||Session||Corresponding to the first party cookie ||First|
|Local Storage||365 days||Corresponding to the first party cookie ||First|
|Local Storage||Temporary||For non-Safari browsers, we record third-party IDs once per week. This represents the next time it should load after||First|
|Local Storage||Temporary||For Safari browsers, we record third-party IDs once per week. This represents the next time it should load after||First|
|Session Storage||Temporary||For session annotations||First|
|Local Storage||365 days||Records a third-party token for cross-site tracking||Third|
|Session Storage||Temporary||Keeps a log of how many cookie syncs were executed for each partner, in the form of ||First|
|Local Storage||No expiry||Intended to expire local storage. Local Storage does not expire by default. Local storage tokens match cookie expiration times||First|
|Cookie||Temporary||Used to throttle cookie syncs with ad partners. Optional (will be removed soon<)||First|
|Cookie||365 days||Optional tool to keep track of session start times||First|
|Cookie||Temporary||Records previous session time (similar to ||First|
Clear Gifs/Pixel Tags/Web Beacons
We also use clear gifs in connection with the Service, including on the Customer Sites. Clear gifs (also known as pixel tags or web beacons) are small strings of code that provide a method for delivering a graphic image on a web page or other document. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on web pages or in emails and are about the size of the period at the end of this sentence. Clear gifs may be used to obtain information about the computer or device being used to view a particular web page, such as the IP address of the computer or device to which the pixel tag is sent, the time it was sent, the computer or device’s operating system and browser type, and similar information.
Cxense provides mobile and OTT SDKs for the Android and iOS operating systems, as well as Smart TVs, AppleTV etc. These SDKs track similar events to those collected in web browsers and can provide similar services like which is available to web browsers
Similarly, our Customers may use similar technology provided by other companies on their own Customer Sites. The use of these technologies by our Customers are not covered by this Privacy Notice.
How is information sent to Cxense?
Our cx.js script collects various pieces of data, builds up a URL that encodes this information, and sends this back to the Cxense platform by making a standard HTTP request to the Cxense servers. This HTTP API can also be invoked directly by clients. The URL encodes the following parameters:
|Yes||1||To which version of the API is this requested targeted|
|Yes||pgv||What type of event is this? The value pgv denotes a page-view event.|
|No||0||The Cxense account identifier.|
|Yes||1234567890123||The Cxense site identifier.|
|Yes||http://www.yoursite.com/news/1||The URL of the page. Must be a syntactically valid URL, or else the event will be dropped.|
|No||http://www.yoursite.com/||The URL of the referring page.|
|No||The Cxense goal identifier. For future funnelling purposes.|
|No||The page name.|
|No||1473837694457||The local time on the client.|
|No||-120||The client's timezone.|
|No||1920x1080||The screen resolution. The format is "res=|
|No||1395x282||The initial browser window size: The format is "|
|No||24||Device color depth.Typically read from window.screen.colorDepth in a browser.|
|No||1||Device pixel ratio (the ratio between physical and virtual pixels). Typically read from window.devicePixelRatio in a browser.|
|Yes||it2kwr95mv0uxmh3||A random number, for cache-busting purposes and to uniquely identify a page-view request.|
|No||0||Is Java enabled?|
|No||en-US||The client's browser language.|
|No||it2kw3ldnxjc||The Cxense site-specific session cookie. Must be at least 16 characters long. Allowed characters: A-Z, a-z, 0-9, "_", "-", "+" and ".".|
|No||cx:pbad80kwtao0l1qyfh5vv7q7:2vaqowu49edjp||The global id that uniquely identifies the user in relation to other ids (ckp, etc.)|
|No||UTF-8||The document's character set.|
|No||1||Is Flash enabled?|
|No||Shockwave Flash 22.0 r0||Which version of Flash, if relevant?|
|No||0||Hint to indicate if this looks like a new user. Values: 0 or 1, e.g. "new=1" to indicate a new user.|
|No||Set a custom parameter "name=value" by adding a URL parameter with a "cp_" prefix and the same name and value as the wanted custom parameter. E.g. if you want to set " premiumPage: true", you add the URL parameter "cp_premiumPage=true". See the documentation for for more details on setting custom parameters. The recommended practice is to use for your parameter names. E.g. your customer prefix is "xyz", then add the URL parameter " cp_xyz-premiumPage=true ".|
|No||Set a user profile parameter "name=value" by adding a URL parameter with a "cp_u_" prefix and the same name and value as the wanted user profile parameter. E.g. if you want to set "sportsFan: true", you add the URL parameter "cp_u_sportsFan=true". See the documentation for more details on setting custom parameters.|
|No||The value of the first optional external user id, used for linking external user ids to Cxense users. 64 characters max length.|
|No||The type of the first optional external user id, used for linking external user ids to Cxense users. 10 characters max length.|
|No||The value of the second optional external user id (etc..)|
|No||The type of the second optional external user id (etc..)|
|No||Position altitude accuracy.|
|No||1473634205 (for 2016-09-11T22:50:05Z)||If the web page has a |
|No||y, pv, segment||Consent. A comma separated list with the following values: |
For what purposes do we use the collected information?
Our Customers typically use this data and our Service to improve and increase Customer Site usage and deliver targeted advertising campaigns on the Customer Sites and on other third party sites. For example, a Customer may use the Service to find former subscribers of a Customer Site and to deliver ads or offers that encourage those users to re-subscribe to the Customer Site.
Where our systems can reasonably infer that a particular computer and/or mobile device belong to the same user or household, we store such information in a user profile for use on the Platform. The data stored in a profile on our Platform may be combined with other third party data in order to better target advertisements, to enable Customers to better understand users across multiple computers and devices, and for ad delivery and reporting purposes.
How do we store information and how long is it kept for?
To facilitate our global operations and improve the performance of the Service, Cxense stores Personal Data provided by its Customers in data centers located in the US, Japan and Germany. As a result, Cxense may transfer your Personal Data to or from data centers in these locations.
Cxense employs a number of leading hosting providers to securely store Personal Data according to applicable law, including the following:
SoftLayer Technologies, Inc., 14001 Dallas Pkwy, Suite M100, Dallas TX 75240
Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
Google Ireland, Ltd., Gordon House, Barrow St, Dublin 4, Ireland
Packet Host, Inc., 30 Vesey St, Floor 9, New York, NY 10007
CROSS BORDER TRANSFER
Notice to EEA/Switzerland Residents
Personal Data originating from the European Economic Area (“EEA”) or Switzerland that is transferred outside of the region by Cxense as described above is performed according to appropriate technical and legal safeguards, including the use of: (1) hosting providers in countries subject to a binding adequacy decision by the European Commission pursuant to Article 45(3) of the General Data Protection Regulation, and (2) binding transfer agreements containing standard contractual clauses annexed to the EU Commission Decision 2010/87/EU of 5 February 2010 for the Transfer of Personal Data to Processors established in Third Countries.
Cxense stores Personal Data you provide us directly so long as you continue to have a business relationship with us. You may ask us to delete that information by following the instructions above.
When a Customer terminates its relationship with us, Cxense removes all Personal Data provided from our systems within a reasonable time not exceeding sixty (60) days following such termination, but subject to our right to retain (i) copies of transactions between the Customer and Cxense, (ii) information relating to any dispute or potential fraud, and (iii) any additional information we need to keep to protect our legal rights or the rights of others.
Our cookies and similar tracking technologies expire six (6) months from the last time our systems encounter a particular computer or device. We do not use any cookie data that is more than twelve (12) months old for user profiling or targeting. After 12 months, we remove any unique identifiers and store the data for up to 3 years for analytics purposes. Upon request from some customers, we occasionally agree to extend the long term storage of data beyond 12 months.
Who do we share information with?
Cxense does not share Personal Data provided by a Customer using the Platform with other Customers of the Platform.
From time to time, Cxense engages with partners to perform services on behalf of our Customers who use the Platform.
Cxense may also disclose Personal Data if such disclosure is required for Cxense to comply with valid and binding legal requirements, to protect Cxense's rights or property (or that of our Customers), and/or where needed to protect personal safety. For example, Cxense may be required to disclose information in response to a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. In the event we are required to disclose information in response to legal process or a government request, we will attempt to notify affected users for which we have contact information and/or the Customer(s) affected to the extent we are legally permitted to do so.
Personal Data Provided by Our Customers
Please note that all Personal Data processed by us through the Service is provided to us by our Customers upon your consent or other legal basis. If you wish to exercise any of the above rights regarding your Personal Data provided to us by our Customers through the Service, please contact that Customer and/or review that Customer’s privacy notice for instructions. Cxense will respond in a timely fashion to all such requests received from its Customers regarding your Personal Data processed through the Service.
All users - ability to opt-out
Browser opt-out - Cxense offers the ability to opt out of processing as described above including the web browser opt-out solution for users who wish to opt-out here. If you choose to opt-out, Cxense deletes any targeting data it may have for your browser, and we will no longer enable our Customers to target that browser using our Service. You will likely still receive advertisements, but Cxense technology will have no input or impact on tailoring those ads to be more relevant to your interests. Please note that if you delete, block, or otherwise restrict cookies, or if you use a different computer, device or Internet browser, you will need to renew your opt-out choice. To the extent that a particular browser and a mobile device are linked via our Service, opting out will sever the link. If you choose to disable cookies, it may limit your use of certain features or functions on the Website and/or Customer Sites.
Mobile app opt-out - Cxense honors the mobile device settings for Android and Apple iOS devices. To exercise this opt-out, please visit the privacy settings of your Android or iOS device and select “limit ad tracking” (Apple iOS) or “opt-out of interest based ads” (Android). On devices where we see that such a selection has been made, we will not target that mobile device via the Service. To the extent that a particular browser and a mobile device are linked via our Service, opting out will sever the link.
While it is impossible to fully guarantee security, Cxense will provide appropriate technical and organizational measures to protect Personal Data, including taking commercially reasonable efforts in accordance with industry practices to protect data we collect from loss, alteration, destruction, misuse and unauthorized access or disclosure. We have policies to help maintain control and physical security of the facilities used to store data and only allow access to authorized personnel, restrict access to data to those employees, contractors and agents that have a need to know the information in order to provide and support our services. All Cxense employees and data subprocessors are bound by confidentiality obligations and may be subject to disciplinary or legal action if they fail to meet these responsibilities.
You have the right to revoke any consent given to us at any time. The legality of the processing until the time of revocation remains unaffected by this withdrawal. In exceptional cases, another legal basis might apply after the withdrawal of your consent. In such a case, the data controller will provide you with appropriate information. You have the right to access, correction, deletion or restriction of processing, the right to object to further processing, the right to data transfer and the right to lodge a complaint with the competent data protection supervisory authority
Please send your revocation and any requests for information or other requests to us. See “Contact Us” for details
If you have any questions about this Platform Privacy Notice or our treatment of your personal data, please write to us by email at email@example.com or by mail to:
Cxense ASA (FAO: Data Protection Officer)
Karenslyst Allé 4
The Data Protection Officer (DPO) of the controller is:
2b advice GmbH
Joseph Schumpeter Allee 25,
Phone: +49 (228) 926165 120
Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection