Data management

 

This is a summary of how Extellio collects and handles data from visitors and respondents from the customer's website and through surveys.

Script

Extellio uses a script on the customer's website to trigger surveys and collect data.

The script is asynchronous, which means that it is designed not to affect the site's loading. It also does not affect the website if communication with Extellio's servers breaks down. The script is supported by the latest versions of Edge, Chrome, Firefox and Safari.

There are two types of script management: hosting by Extellio and hosting by the customer.

Hosting by Extellio

The script is hosted by Extellio via a CDN and loaded into the page using a script tag on the customer’s website. In this case, the script is a third-party script from the website user's point of view.

This means that the script’s settings are updated automatically, which makes it possible to adjust the data collection on the website directly via the Extellio platform.

Hosting by the customer

The script can also be hosted by the customer. The customer then controls the script, and the customer needs to generate a new script on the Extellio platform and replace the old script on their website with every change in the data collection.

Cookies on the customer’s website

When does this list of cookies not apply?

  • If the customer has used the prefix feature available in the Extellio platform, check their cookie policy for the correct cookie prefix.
  • If the customer has turned on cookieless tracking, no analytics cookies will be set.
  • If the customer is using cookieless surveys, no survey cookies will be set.

Depending on the customer's cookie policy, the customer has to inform users about these cookies. If the customer asks visitors for consent on the website, the customer has to hold off loading the Extellio script until consent is given, so that cookies are not set prematurely.

If the customer uses surveys:

Extellio uses local storage and session storage on the customer's website to control when surveys are shown and who sees them. If storage is unavailable, it falls back to regular cookies.

 

The following is saved in the respondents’ browser:

extellio_respondentID

Type: Analytical | Storage: Local storage | Lifetime - 12 months

Randomly generated ID to keep track of visitors over time.

extellio_timers

Type: Functional | Storage: Local storage | Lifetime - 1 year

Tracks time spent on pages to decide when to trigger surveys. This information is not used in any other way and never leaves the browser.

extellio_session_timers

Type: Functional | Storage: Local storage | Lifetime - Session

Tracks time spent on pages during the current visit to decide when to trigger surveys. This information is not used in any other way and never leaves the browser.

extellio_<surveyId>

Type: Functional | Storage: Local storage | Lifetime - 1 year

One entry for each survey that has been active on the website. Stores information of when the survey was triggered, shown, dismissed, and completed to help decide when to trigger surveys. This information is not used in any other way and never leaves the browser.

 

If the customer uses analytics:

If Extellio is also used to collect analytics data, additional cookies are set to track the visitor's behavior on the website:

extellio_respondentID

Type: Analytical | Storage: Local storage | Lifetime - 12 months

Randomly generated ID to keep track of visitors over time.

extellio_id

Type: Analytical | Storage: First-party cookie | Lifetime - 13 months

Stores a randomly generated analytics ID, visit count, current time (refreshed with every user action), time of the last visit, and time of previous e-commerce order.

 

extellio_ses

Type: Analytical | Storage: First-party cookie | Lifetime - 30 minutes

Shows whether the visitor has an active session. If the cookie isn’t present, the session finished over 30 minutes ago. Temporarily stores visit count, current time (refreshed with every user action), time of the last visit, and time of previous e-commerce order before they are saved in the extellio_id cookie.

 

extellio_ref

Type: Analytical | Storage: First-party cookie | Lifetime - 6 months

Stores the attribution data: the original referrer used to visit the website.

 

extellio_hsr (only if the customer uses heatmaps or session recordings)

Type: Analytical | Storage: First-party cookie | Lifetime - 30 minutes

Stores the ID of the heatmap or session recording being sampled.

 

extellio_cvar (optional)

Type: Analytical | Storage: First-party cookie | Lifetime - 30 minutes

Contains custom variables that were set during a previous page view. Requires using the storeCustomVariablesInCookie() method.
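
A check a site owner can run against this inventory, as an added example that is not Extellio's code: it classifies the cookie and storage key names found in a browser snapshot, so that a snapshot taken before consent can be confirmed to contain no Extellio entries. The function names and the snapshot shape are assumptions; the entry names, types and storage locations come from the list above.

```javascript
// Added example, not Extellio code. Inventory copied from the list on this page.
const INVENTORY = new Map([
  ["respondentID",   { type: "Analytical", storage: "local" }],
  ["timers",         { type: "Functional", storage: "local" }],
  ["session_timers", { type: "Functional", storage: "local" }],
  ["id",             { type: "Analytical", storage: "cookie" }],
  ["ses",            { type: "Analytical", storage: "cookie" }],
  ["ref",            { type: "Analytical", storage: "cookie" }],
  ["hsr",            { type: "Analytical", storage: "cookie" }],
  ["cvar",           { type: "Analytical", storage: "cookie" }],
]);

// Extract the cookie names from a document.cookie-style string.
function cookieNames(cookieString) {
  return cookieString.split(";")
    .map((pair) => pair.trim().split("=")[0])
    .filter((name) => name.length > 0);
}

// Classify one key; returns null for keys that do not carry the prefix.
function classify(name, where, prefix) {
  if (!name.startsWith(prefix)) return null;
  const entry = INVENTORY.get(name.slice(prefix.length));
  if (!entry) {
    // Assumption: anything else under the prefix is an extellio_<surveyId>
    // entry or an item this page does not list, so it is flagged for review.
    return { name, where, type: "Unknown", note: "survey-or-unlisted" };
  }
  // Survey data falls back to regular cookies when storage is unavailable.
  const fellBack = entry.storage === "local" && where === "cookie";
  return { name, where, type: entry.type, note: fellBack ? "cookie-fallback" : "listed" };
}

// snapshot: { cookie: string, local: string[], session: string[] }
// prefix: "extellio_" unless the customer configured another one.
function auditSnapshot(snapshot, prefix = "extellio_") {
  const sources = [
    ["cookie", cookieNames(snapshot.cookie || "")],
    ["local", snapshot.local || []],
    ["session", snapshot.session || []],
  ];
  return sources.flatMap(([where, names]) =>
    names.map((name) => classify(name, where, prefix)).filter(Boolean));
}
```

In a browser console, build the snapshot from `document.cookie`, `Object.keys(localStorage)` and `Object.keys(sessionStorage)`, and pass the customer's own prefix as the second argument if the prefix feature is in use. Any non-empty result before consent is given means the script was loaded too early.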

 

Data storage

Extellio stores data with ElastX AB on servers in Sweden. The servers are behind a firewall that is only open for HTTPS traffic. Backup of the database is taken every day and stored with City Network Hosting AB in Sweden.

When the customer uses surveys, Extellio stores the following information:

  • Survey answers
  • URL of the page on which the response is made
  • Title of the page on which the response is made
  • Browser user-agent
  • Browser language
  • IP number (not stored but used only to look up which country the respondent is in)

When the customer uses Analytics, Extellio tracks the following information:

  • Anonymized User IP addresses.
  • User ID
  • Date and time of the request
  • Title of the page being viewed (Page title)
  • URL of the page being viewed (Page URL)
  • URL of the page that was viewed prior to the current page (Referrer URL)
  • Screen resolution being used
  • Time in the local user's timezone
  • Files that were downloaded
  • Usage of site search, including search keywords
  • Links to an outside domain that were clicked
  • Page generation time
  • Location of the user: country, region, city, approximate latitude and longitude
  • The main language of the browser being used (Accept-Language header)
  • User Agent of the browser being used to detect browser, operating system, device used, brand, and model.
  • Form interactions

Some information is also stored in first-party cookies which are tracked by Extellio:

  • Randomized unique Visitor ID
  • Time of the first visit for this user
  • Time of the previous visit for this user
  • Number of visits for this user

Data that may be tracked (optional)

Depending on what optional features the customer has configured, the customer can track more information about the user and how they're using the website. 

  • Custom dimensions
  • Custom variables
  • Campaigns
  • Goals
  • Events
  • E-commerce
  • Viewing and clicking on Contents
  • Mouse movements, clicks, and scrolls
  • Video and audio interactions

Access to data

Extellio and some contracted subcontractors, needed in order for us to deliver and develop our services, have access to data. Such subcontractors have confidentiality and personal data agreements with Extellio.

In addition, the customer and, where appropriate, external parties that are approved by the customer, have access to the data collected during the time when they have a valid license. Customer access to data is via the Extellio platform, either through personal login or via API.

Extellio platform

The Extellio platform is accessed by customers via the internet with a personal login. User accounts and logins are managed by the company Auth0. User privileges are verified using a JWT issued by Auth0, which is valid for 24 hours.

Personal data

Normally the data Extellio tracks are anonymous and no personal data is collected. However, in some instances, it may be the case that the tracking collects personal data.

Depending on the agreement, either Extellio or the customer is the data controller for personal data in those instances:

If there is no written personal data processor agreement between Extellio and the customer, Extellio is the personal data controller. This means that the Extellio privacy policy applies and is shown in the survey for the respondent. Extellio will not share any respondent’s personal data with the customer unless the respondent explicitly requests it. Any personal data will be deleted in accordance with the Extellio archiving policy.

If there is a written personal data processor agreement with the customer, the customer is the personal data controller and Extellio is the personal data processor. This means that the customer's privacy policy applies and is shown in the survey for the respondent. The customer has the right to see the respondents' personal data. The personal data processor agreement governs how the personal data is handled by Extellio. Unless otherwise stated, sign-up to the Client panel and contact requests are handled according to the same routines as if Extellio were responsible for personal data. However, personal data provided in free text responses will not be deleted on a regular basis unless the customer instructs Extellio to do so.