Effective Date: 2017-10-10
Updated at 2025-05-01
This Data Processing Agreement (“Agreement”) is an integral part of the Terms of Use and governs the processing of personal data by Attention Insight, UAB, registration number 304999911, registered address Kareivių str. 19-78, Vilnius, Lithuania (“Processor”) on behalf of the entity or individual that has accepted this Agreement upon creating an account (“Controller”), both together hereinafter referred as the Parties, and separately as the Party.
For the purposes of this Agreement, the Controller refers to the entity or individual that a user (“User”), as explained in the Terms of Use, represents. This includes an agency, business or corporate brand, or the user acting in an individual capacity (such as a solopreneur or freelancer).
By creating an account and using the services provided by the Processor, the Controller agrees to be bound by the terms of this Agreement. This Agreement ensures compliance with applicable data protection laws and sets out the obligations of both Parties regarding the processing of personal data.
ANNEX NO. 1
DATA PROCESSING DESCRIPTION
Subject Matter | Provision of services as described in Terms of Use. |
Nature of Processing | Processing activities may include collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Other details of the functions performed by Processor are described in the Terms of Use. |
Purpose of Processing | The purpose of data processing is to provide Controller with Attention Insight Predictive Eyetracking (a service predicting what will draw attention in images and videos), the Attention Insight Platform (a service allowing to store, organize, share, and receive content from multiple sources), and additional features and functionalities as described in the Terms of Use. |
Categories of Personal data | ● Content Data – images, videos, and other media uploaded to the Attention Insight Platform for predictive eyetracking analysis and content management, content type (landing, e-commerce, news and media, others), analysis title, project data, analysis type; ● Analytical Data – attention heatmaps, focus maps, contrast maps, clarity score, focus score, percentage of attention, hotspots and similar insights generated through the predictive eyetracking analysis; ● Technical and Usage Data – data automatically collected during service usage as necessary for the provision of services under Terms of Use, including IP addresses, device identifiers, browser type, operating system, and interaction logs with the platform; ● Third-Party Integration Data – data exchanged with external platforms when users connect third-party services to the Attention Insight Platform, e.g., AI-generated suggestions for content improvement. ● Other Data that may be necessary for the provision of services under Terms of Use. No sensitive data is intended to be processed under this Agreement. |
Categories of Data Subjects | Users; individuals whose images, videos, or other content are analyzed using the predictive eyetracking service, where such content includes identifiable personal data. |
Duration of Processing | Data is retained for as long as a User account is active. Users have the option to set duration for storing images, videos and related analysis data in the Processor’s system, the specified time period schedules automatic removal of each data unit once that period expires. Provided options are: do not delete, 1 day, 1 week, 1 month, 3 months, 6 months, 12 months. |
Frequency of the Transfer | Where the transfer as defined in Section 6 of the Agreement takes place, the frequency of the transfer can be both – a one-off or continuous basis depending on the use of the Processor’s services by the Controller. |
ANNEX NO. 2
LIST OF SUB-PROCESSORS
Processor uses of the following Sub-Processors:
Company | Address | Purpose | Transfers Outside the European Economic Area |
Google Cloud EMEA Limited | Ireland; Velasco Clanwilliam Place Dublin 2 | Cloud, identity, corporate email, office suite and website traffic analysis provider | N/A |
Slack Technologies Limited | Ireland; 4th Floor, One Park Place Hatch Street Upper Dublin 2 | Internal communication tool with notifications related customers activity | N/A |
Sentry.io | 45 Fremont Street, 8th Floor, San Francisco, CA 94105-2250, USA | Web application error collections | Transfers are performed on the basis of European Commission adequacy decision regarding EU-U.S. Data Privacy Framework. |
Intercom R&D Unlimited Company | Ireland; 18-21 St. Stephen’s Green Dublin 2 | Customer support chat, communication via email, and knowledge base | N/A |
Cloudflare, Inc. | United States; 101 Townsend St., San Francisco, California 94107 | Content Delivery Network (CDN) and Web Application Firewall services provider. | Transfers are performed on the basis of European Commission adequacy decision regarding EU-U.S. Data Privacy Framework. |
OpenAI Ireland Ltd | 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland | Image visual analysis | N/A |
Hotjar Limited | Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141 Malta | Web screen recording | N/A |
UserPilot | 17350 State Hwy 249, Ste 220 #20190, Houston, TX, USA 77064 | User onboarding in the platform | Transfers are performed on the basis of European Commission adequacy decision regarding EU-U.S. Data Privacy Framework. |
MessageBird B.V. | Postbus 14674, 1001 LD Amsterdam, the Netherlands | Web application notifications | N/A |
Sinch Sweden AB | Sinch Sweden AB, Legal Dept. Lindhagensgatan 112, 112 51 Stockholm, Sweden | Mailgun – sending email notifications | N/A |
ANNEX NO. 3
ORGANISATIONAL AND TECHNICAL SECURITY MEASURES
2. PEOPLE CONTROL MEASURES
3. PHYSICAL CONTROLS
4. TECHNOLOGICAL CONTROLS