Table of Contents
- Key Definitions
- Information We Collect
- 3.1. Information Provided Directly by You
- 3.2. Information Received From Third Parties
- 3.3. Information Collected Automatically
- How We Use Your Personal Data
- How We Share Your Personal Data
- Data Retention
- How We Protect Your Personal Data
- Updating And Accessing Your Personal Data
- Country And State Specific Data Provacy Information
- Contact Information
2. Key Definitions
“European Data Protection Law” means the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national legislation implementing the GDPR.
“Personal data” refers to any information relating to an identified or identifiable individual in the meaning of:
- The European Data Protection Law, for individuals (“data subjects”) in the European Economic Area (EEA) and the United Kingdom (UK) or when the European Data Protection Law otherwise applies;
- For individuals residing in the State of California, the California Consumer Privacy Act 2018 (CCPA);
- For individuals residing in other jurisdictions, the applicable legislation on personal data protection (e.g., LGPD – Lei Geral de Protecao de Dados in Brazil).
“Semrush”, “we”, “us” and/or “our” refers to Semrush Inc. and its Affiliates, unless specified otherwise.
“Services” refers to our Software as a Service professional service made available via our websites.
3. Information We Collect
We may collect data, including personal data, about you as you use our websites and Services or request our Services, and otherwise interact with us. Some of our website’s functionality can be used without providing any personal data, though for using some features of the Services, personal data is required. We process three broad categories of personal data:
- Information provided directly by you;
- Information received from third parties;
- Information collected automatically.
3.1. Information Provided Directly by You
3.1.1. Account registration
3.1.2. Communication with Semrush
We collect personal data that you voluntarily give us when you contact us with inquiries (including by filling out relevant forms on our websites), engage with our chat bot on the website, respond to one of our surveys, contact our customer support regarding a problem you are experiencing with the Services or otherwise contact us regarding the website or the Services.
We collect details of transactions you carry out using the Services including information you provide to enable us to fulfill your orders, which may include financial information such as your credit card number. As a paying user of the Services, we will receive your payment transaction details (for example, your name, the amount paid and the date of payment).
3.1.4. Payment Information
We collect payment and billing information when you register for certain paid Services. For example, upon registration we ask you to designate a billing representative, including name and contact information. You may also provide payment information, such as payment card details, which we collect via secure payment processing services. If you sign-up for a free trial account, you are not required to enter your credit card information unless and until you decide to continue with a paid subscription to the Services.
3.1.5. Additional Payment Information
You may choose to provide additional information such as your VAT, additional billing address or name of the entity that you represent.
3.1.6. Identity Verification
In some cases (for example if you request a refund) we may ask you to provide us information such as your billing information (name, transaction ID, last 4 digits of the credit card associated with the account, billing date, etc.), email address, login name, and if needed, information that verifies your identity, in accordance with applicable law.
3.1.7. Use of our blog, requesting content or creating a Public Profile
If you use our blog, request content or would like to participate in our webinars or events, we may ask you to provide us with some information (such as your name, job title, your photo or other information). By posting any information on publicly accessible blogs or other areas of our websites you acknowledge and agree that the data you provide on our websites - including information provided to create your public profile (hereinafter "Public Profile") - would be visible to any member of the public who accesses the websites. You can change the information in your Public Profile whenever you want.
We collect and display personal testimonials of satisfied customers and users on the Services in addition to other endorsements. With your consent, we may post your testimonial, along with your name, on the Services. If you wish to update or delete your testimonial, you can contact us at email@example.com.
3.2. Information Received From Third Parties
We may obtain personal data about you from our authorized resellers or distributors, for example, if you purchase access to the Services through one of these partners. The personal data we may receive include business contact information, including mailing addresses, job titles, email addresses, phone numbers.
3.3. Information Collected Automatically
Like many other commercial websites, we use certain technologies, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies, to automatically collect information that may contain personal data as you navigate our websites or use our Services.
3.3.1. Device and Usage Data
When users come to our websites, we may track, collect, and aggregate information indicating, among other things, which pages of our websites were visited, the order in which they were visited, when they were visited, and which hyperlinks were clicked. We also collect information from the URLs from which you linked to our websites. Collecting such information may involve logging the IP address, operating system and browser software used by each user of the websites. We may be able to determine from an IP address a user’s Internet Service Provider and the geographic location of his or her point of connectivity.
3.3.2. Third-Party Widgets
3.3.3. Mailbox integration
Mailbox integration means an integration of Semrush tools with Gmail and/or Microsoft (Outlook, Exchange Online, Office365) accounts (jointly and individually referred to as “Mailbox account”) via API. Some of our tools may ask your permission to integrate your Mailbox account with.
In order to enhance your removal requests or outreach emails experience for your productivity and monitoring purposes you can grant us access to your Mailbox account via API only if you voluntarily decide to give us the permission to integrate our tools with your mail account and to choose which email account you would like to connect with our tools.
Due to this integration:
- you will be able to compose, send, read and process outreach email via a tool’s interface;
- you will be able to send removal requests regarding backlink(s) which looks unnatural or harmful via a tool’s interface;
- we will provide you with the information related to your emails sent via tool’s interface. We will show you if your emails were received, opened, if there are any replies to your emails. We will demonstrate your replies to your email via our tool interface.
After the integration we will be able to store in our database in the encrypted way the following information related only to outreach emails sent by you via tool interface:
- Initial email’s subject and body text;
- Replies email’s subject and body text;
- API token;
- Thread and message ids;
- Recipient(s) and sender of emails;
- Metadata: time/day of email sending, delivering, opening, replying, email status.
Notwithstanding anything herein to the contrary, we will use the data received via Mailbox integration only to provide you with the features mentioned above in order to enhance your email experience for productivity purposes and for monitoring purposes. We may also transfer data received via Mailbox integration as necessary to comply with applicable law or as a part of a merger, acquisition, or sale of assets with notice to users. All other transfers or sales of the user data received via Mailbox integration are prohibited.
We will not use the data received via Mailbox integration for any other purposes except providing you with services inside of our tools, specifically we will not use the data received via Mailbox integration for any advertising purposes, including retargeting, personalized or internet-based advertising. All the data received via Mailbox integration will be processed only at the software level.
We will allow a person to read the data received via Mailbox integration only if:
- You first give us affirmative agreement for specific messages;
- It is necessary for security purposes (such as investigating a bug or abuse);
- It is necessary to comply with applicable law; or
- Our use is limited to internal operations and the data received via Mailbox integration (including derivations) have been aggregated and truly anonymized.
You can revoke your permission and access to your Mailbox account at any time by clicking the “bin” icon next to the mailbox mention inside the tool. You can delete all your previous emails available due to the integration by deleting the project in the tool during the revocation process, or sending us the relevant request. As soon as you revoke the access, we will remove your Mailbox token which allowed us to carry out the functions mentioned above and stop monitoring your emails immediately.
For the purposes of this clause the data received via Mailbox integration means the raw data, aggregated data, anonymized data or derived data.
3.3.4. Cookies and Similar Technologies
The Services use Google Analytics, a web analytics service of Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). The use includes the "Universal Analytics" operating mode. This facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus the analysis of a user's activities across devices.
Google Maps API
If you reach our website via our partner’s Reference Link as described in our Affiliate program, we may use conversion tags, provided by Conversant LLC (“CJ Conversion Tags”), for the purposes of correct attribution of our partner’s marketing activity and the performance of our Affiliate program. You will receive the notice about our use of the Cookies and similar technologies during your first visit of our partner’s website including request for your consent with use of CJ Conversion Tags. You are the only person who decides if you would like to provide this permission, and you can revoke your permission any time by contacting us at firstname.lastname@example.org. CJ Conversion Tags collect the following data relating to the order and/or the form completed on our website:
- unique order ID;
- quantity of each product purchased;
- price of each product purchased;
- currency of the transaction;
- discount amount (if any);
- coupon code used (if any);
- marketing channel the sale is attributed to and a last click timestamp;
- dynamic CJ event click token captured on landing page URL.
4. How We Use Your Personal Data
We use the personal data we collect, described above, as follows:
To provide the Services and related support, process transactions, manage your user account and respond to your requests. This is necessary to perform the contract we are about to enter into or have entered into with you.
As necessary for certain legitimate interests, including:
- If we have not entered into a contract with you, to operate and administer our websites, to provide you with content you access and request (e.g., to download content from our websites), and to respond to your requests for our Services (including sharing your personal data with our resellers as necessary to respond to your request for the Services in an efficient manner and facilitate the sale of our Services, as described in the ‘How We Share Your Personal Data’ section below);
- To manage our relationship with you, which includes sending administrative information to you, for example, information regarding the website and changes to our terms, conditions, and policies, and responding to you requests or communicating with you;
- To analyze trends and track your usage of and interactions with our websites and Services in order to improve or enhance your experience by providing you with more relevant content and service offerings and help us develop new products and services (including to increase our Service’s functionality, product features, and user-friendliness).
- To prevent fraud or criminal activities, misuse of our products or services and ensure the security of our IT systems, architecture and networks;
- To (a) comply with legal obligations and legal process; (b) respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) enforce our Terms of Service; (d) protect our operations; (e) protect our rights, privacy, safety of property, and/or that of you or others; and (f) allow us to pursue available remedies or limit the damages that we may sustain.
- If you ask us to delete your data or to be removed from our marketing lists and we are required to fulfill your request, to keep basic data to identify you and prevent further unwanted processing.
To send you updates and information about our new products and services, upcoming events or other promotions or news by email or push notification.
Where required by law we will only send you marketing information if you consent to us doing so at the time you provide us your personal data. You may opt-out of receiving such emails by following the instructions in each promotional email we send you or by updating your user settings. In addition, if at any time you wish not to receive future communications or you wish to have your name deleted from our mailing lists, please contact us at email@example.com. We will continue to contact you via email regarding the provision of our Services and to respond to your requests.
5. How We Share Your Personal Data
Semrush will not sell, rent, lease or otherwise provide your personal data to others, except in order to provide you with the products and services you request and as further described below, or with your permission or as required by applicable law.
We may engage other companies and people to perform tasks on our behalf - meaning they are helping us provide our Services. In particular, we use third party providers of payment processing, fraud prevention, and risk assessment, hosting and other information technology services, email communication and customer support services, analytics, marketing, and advertising. Following our instructions, these parties may process your personal data in the course of providing the relevant services to us.
We may share your data with our affiliates for administrative purposes; for helping us provide our Services (such as providing engineering services), provide related customer support or to conduct sales and marketing activities on our behalf. For example, if you request information about a company or a service from a Semrush company, then we may pass your personal data relevant to such request onto another Semrush company to enable them to appropriately respond to your request. A list of our affiliates and their location is provided below:
- SEMRUSH RU LIMITED, Company address: 196006, St. Petersburg, Zastavskaya str. 22, building A, office n. 618, Russia, identification number: 7810453178 / KPP 781001001, Company number: 1137847340036
- SEMRUSH SM LIMITED, with registered office at 196006, St. Petersburg, Zastavskaya str. 22, building A, office n. 613, Russia, identification number: 7810687391 / KPP 781001001, Company number: 1177847182853
- Semrush CY LTD, registration No. HE 324428, Griva Digeni and Kolonakiou corner, Grosvenor tower, 2nd and 3rd floor, 3107 Neapolis, Limassol, Cyprus
- Semrush CZ s.r.o., registration No. 04464800, Na Hřebenech II 1718/10, Nusle, 140 00 Praha, Czech Republic
Resellers or Distributors
Social networking websites
Where permissible according to applicable law we may use certain limited personal data about you, such as your email address, to hash it and to share it with social network websites, such as Facebook or Google, to generate leads, drive traffic to our websites or otherwise promote our products or Services. The social network websites with which we may share your personal data are not controlled or supervised by us. Therefore, any questions regarding how your social network websites service provider processes your personal data should be directed to such provider.
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of a service to another provider, your personal data and other information may be transferred to a successor or affiliate as part of that transaction.
We may share your personal data so that we can comply with a legal obligation to which we are subject, protect and defend the rights or property of Semrush, act in urgent circumstances to protect your personal safety or that of the public, or protect Semrush against legal liability. For example, where we are obliged to share your personal data with regulatory bodies which govern our work and services; government departments such as law enforcement, courts orders; financial institutions; external auditors; etc.
6. Data Retention
We retain your personal data for as long as reasonably necessary to provide the Services and fulfil the transactions you have requested, complying with our legal obligations or for other legitimate business purposes, such as maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements. After the applicable retention period has elapsed, your personal data will be anonymized and deleted.
7. How We Protect Your Personal Data
If you know or suspect that your personal data have been lost, stolen, misappropriated, or otherwise compromised, or in case of any actual or suspected unauthorized use of your Semrush account, please immediately contact us by email at firstname.lastname@example.org.
8. Updating And Accessing Your Personal Data
You may access, review, modify and delete your account profile information by going to your account and editing your information. However, if you want to update, delete, limit the use or disclosure of, or access the personal data we hold about you in our systems, you will need to email your request to us at email@example.com. Please also read the “European Users” section for more information which may be applicable to you.
Our Services are not directed to children who are under the age of 16. We do not knowingly collect personal data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided personal data to us through the Services, please contact us at firstname.lastname@example.org and we will endeavor to delete that information from our databases.
10. Country And State Specific Data Provacy Information
California Consumer Privacy Act
This section applies to individuals in the EEA or the UK.
Who Controls My Personal Data?
Some of our Affiliates process your personal data as data processors on our behalf and pursuant to our instructions in order to assist us in meeting business operations needs and to perform certain services and functions, such as engineering, sales and marketing. Please refer to the “How We Share Your Personal Data” section above for more information about how we may share your personal data.
Lawful Bases for Processing
What Rights Do You Have Regarding Your Personal Data?
As the data subject, you have:
- the right of access (Art 15 GDPR). If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of the personal data along with certain other details.
- the right to rectification (Art 16 GDPR). If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible.
- the right to erasure (Art 17 GDPR). You may ask us to erase your personal data in some circumstances, such as where we no longer need it or you withdraw your consent. If we shared your data with others, we will alert them to the need for erasure where possible.
- the right to restriction of processing (Art 18 GDPR). You may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible.
- the right to data portability (Art 20 GDPR). You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that we processed with automated means. We will give you your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- the right to object (Art 21 GDPR). You may ask us at any time to stop processing your personal data, and we will do so:
- if we are relying on a legitimate interest to process your personal data – unless we demonstrate compelling legitimate grounds for the processing or your data is needed to establish, exercise, or defend legal claims; or
- if we are processing your personal data for direct marketing.
- the right to withdraw consent (Art 7 (3) GDPR). If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
- the right to make a complaint with the data protection authority. If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the data protection authority that is authorized to hear those concerns.
You may contact us at email@example.com to exercise your rights. Semrush Inc. will be responsible for responding to your requests, in accordance with the GDPR.
International Transfers of Personal Data
Semrush Inc. is based in the United States and other members of our group are based in countries outside the EEA or the UK (please read the Affiliates section above for more information). If you are accessing our websites and the Services from the EEA, the UK or other regions with laws governing data collection and use, please note that in connection with our business and for administrative, management and legal purposes, we may transfer your personal data from the country where you reside to Semrush Inc. in the United States and to other members of our group in the jurisdictions in which our affiliates are established and to our service providers in the United States. These countries may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. Where we transfer your personal data as described above, we will take steps to ensure that your personal data receives adequate security protection where it is processed and your rights continue to be protected pursuant to the applicable data protection law, including through the use of Standard Contractual Clauses approved by the European Commission. In some cases, transfers of your personal data to us is necessary to perform the agreement we have entered into, or are about to enter into, with you. If you would like to receive more information on the safeguards that we implement as described above, please contact us as indicated below.
11. Contact Information
Semrush Inc. 800 Boylston Street, Suite 2475 Boston, MA, 02199 U.S.A. Attention: General Counsel
If your request relates to the European Data Protection Law, including the GDPR, please contact:
Semrush CZ s.r.o. Na Hřebenech II 1718/10 Nusle, 140 00 Praha Czech Republic Attention: General Counsel