OpinionSite Privacy Shield Policy
Last Updated May 21, 2018
|Notice for European Union Residents
OpinionSite complies with the General Data Protection Regulation (GDPR) and the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data transferred from European Union to the United States, respectively. OpinionSite has certified to the Department of Commerce that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability for personal data submitted by our Members in participating European Union countries and our Privacy Shield certification is available here. We may also process personal data our Members submit relating to individuals in the EU via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. OpinionSite acknowledges that as a participant in the Privacy Shield Framework we are under the enforcement authority of the Federal Trade Commission.
To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.
Capitalized terms are defined in Section XV of this Policy.
This Policy applies to the processing of Member Personal Data that OpinionSite transfers to and stores in the United States. We operate OpinionSite through which we provide surveys that can be taken via electronic notification methods such as, but not limited to, email. We provide support to organizations that conduct research primarily for marketing or for social science purposes.
We’re committed to helping you understand how we manage and protect the information we collect. We take privacy seriously and have taken many steps to help safeguard the information we collect from you.
II. RESPONSIBILITIES AND MANAGEMENT
|OpinionSite has designated the Privacy Department to oversee its information security program, including its compliance with the Privacy Shield program. The Privacy Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to privacy@OpinionSite.com.|
OpinionSite will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. OpinionSite personnel will receive training, as applicable, to effectively implement this Policy. Please refer to Section VIII for a discussion of the steps that OpinionSite has undertaken to protect Personal Data.
III. RENEWAL / VERIFICATION
OpinionSite will renew its Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
Prior to the re-certification, OpinionSite will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Member Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, OpinionSite will undertake the following:
- Review this Policy to ensure that it accurately describe the practices regarding the collection of Member Personal Data.
- Ensure that this Policy informs its Members of OpinionSite’s participation in the Privacy Shield program and where to obtain a copy of additional information (e.g., a copy of this Policy).
- Ensure that this Policy continues to comply with the Privacy Shield principles.
- Review its processes and procedures for training Employees about OpinionSite’s participation in the Privacy Shield program and the appropriate handling of Member Personal Data.
OpinionSite will prepare an internal verification statement on an annual basis
IV. PURPOSES OF DATA PROCESSING, LEGAL BASES AND AUTOMATED DECISIONS
Members may sign up for OpinionSite by completing the “Double Opt-in” process at our Site or through one of our many partners’ Sites. During the Double Opt-in process, members are sent a confirmation email following an initial request to subscribe at our Site or one of our partners’ Sites, and all members must affirmatively click an additional link in that confirmation email to confirm their opt-in preference.
|As a general matter, OpinionSite collects the following types of Personal Data from its Members: name, phone number, email address, residential or work address and IP address. OpinionSite may also collect other information , such as certain demographic information, as well as information regarding your hobbies, interests, product ownership, medical practice, medical registration, your medical specialty and your professional activities and other information you provide to us by registering for OpinionSite, participating in our surveys or services, or making requests for information about our services.|
Registration for OpinionSite is not required to view non-member areas of the Site. If you elect to register for OpinionSite, we ask you for information that enables us to provide an OpinionSite membership. You will be registering with OpinionSite on the form provided and such registration may require you to voluntarily provide contact information such as your email address, your name, your residential or work address, and certain demographic information. In addition, from time to time, we receive e-mail addresses from one of our partners, who may ask us to contact you to offer you a survey.
We use third party providers to validate the accuracy of Personal Data you provide so that we may offer better statistical samples to our clients, as well as to prevent fraud. We use third parties to provide us with data they have collected about you and append this data to your demographic profile. In these cases, only a minimum amount of information is transferred to these third parties so as to enable them to perform specific security functions on our behalf.
Additionally, in certain circumstances, we offer individuals the ability to participate in our clients’ surveys outside of OpinionSite. If you are asked to participate in such a survey, we will request limited information about you. In some cases, after completion of the initial survey, we may request Personal Data about you in order to provide rewards, to offer you the opportunity to join OpinionSite, or to participate in further surveys.
You may be referred to OpinionSite or our surveys by one of our third-party business partners. In the event that we ask such partner to contact you with additional survey opportunities, we may share certain basic Personal Data that we understand such partner already maintains (such as your e-mail address and gender) as well as certain basic information regarding your OpinionSite activity (such as the last time you completed a survey).
Any information provided to us will be retained and used solely for the purposes of fulfilling your requests, responding to your questions, offering you opportunities to participate in surveys, performing and carrying out the terms of OpinionSite (including fulfilling any rewards), or communicating with you as a Member of Opinion.
We support the rights of our Members by limiting the use of their information for legitimate market research purposes and we make every effort to conform to industry standards created to uphold ethical survey research.
OpinionSite uses Personal Data that it collects directly from its Members for the following business purposes, without limitation:
- maintaining and supporting its products, delivering and providing the requested products/services including payment of honoraria to its Members, and complying with its contractual obligations related thereto
- satisfying governmental reporting, tax, and other requirements;
- storing and processing data, including Personal Data, in computer databases and servers located in the United States;
- verifying identity (e.g., for online access to accounts);
- as requested by the Member;
- for other business-related purposes permitted or required under applicable local law and regulation; and
- as otherwise required by law.
|Our legal bases for the processing of your personal data are: 1) your consent and/or 2) any other applicable legal bases, such as our legitimate interest in engaging in commerce and offering products and services of value to our members.
We reserve the right to make automated decisions, including using machine learning algorithms, about our members and website visitors in order to optimize the products and services offered and/or delivered.
V. CHOICE WITH RESPECT TO USES AND DISCLOSURES OF PERSONAL DATA
OpinionSite recognizes that EU individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respecting those rights. We offer individuals the opportunity to opt out of disclosures of Personal Data to a Third Party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. We will comply with the GDPR with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a Third Party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.
VI. DISCLOSURES / ONWARD TRANSFERS OF PERSONAL DATA
OpinionSite is potentially liable in cases of onward transfers of Personal Data to third parties, such as when third parties that act as agents on our behalf process Personal Data in a manner inconsistent with applicable data protection regulations. We will ensure that any third party to which we disclose Personal Data provides the same level of privacy protection as is required by the applicable data protection regulations and agrees in writing to provide an adequate level of privacy protection. Except as otherwise provided herein, OpinionSite discloses Personal Data only to third parties who reasonably need to know such data. Such recipients must agree to abide by confidentiality obligations.
|OpinionSite may provide Personal Data to third parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions.
Examples of such third parties and agents, consultants, and contractors to whom we transfer Personal Data, as well as the purposes for which we provide them with Personal Data, are listed in Section IV above.
Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by OpinionSite and they must either: (1) comply with the GDPR, the Privacy Shield principles or another mechanism permitted by the applicable European data protection law(s) for transfers and processing of Personal Data; or (2) agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy.
OpinionSite also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure or under the following circumstances:
- To respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
- We may sell or share OpinionSite Member non-PII information to other advertisers or businesses whom we believe you may find useful and in order to enhance the service provided to our Members.
- We will not sell or share OpinionSite Member PII information to another company that will use it to sell you products or services.
Please be aware that in rare situations, it may be necessary disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
VII. DATA INTEGRITY, PURPOSE LIMITATION AND DATA RETENTION
OpinionSite shall not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To that end, OpinionSite will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. OpinionSite uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate.
|OpinionSite Account Data:
We will retain your information for as long as your account is active and for twenty-four (24) months thereafter to allow you to re-activate your account without loss of data.
This applies to all electronic survey data collected by SHC fielding operations, including data stored on third-party survey systems. Retention times will be limited to 5 years at which time disposal will be completed in a secure manner that protects confidential information. We will also retain your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
We will also retain your information for as long as is permitted under applicable law.
VIII. DATA SECURITY
OpinionSite has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction.
For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to OpinionSite’s electronic information systems requires user authentication via password or similar means. OpinionSite also employs access restrictions, limiting the scope of employees who have access to Member Personal Data. Further, OpinionSite uses secure encryption technology to protect certain categories of personal data.
Despite these precautions, no data security safeguards guarantee 100% security all of the time.
OpinionSite notifies Members about its adherence to the GDPR and other applicable data protection regulations, as well as the Privacy Shield principles through its publicly posted Privacy Notice, available at the following sites:
OpinionSite Health: https://opinionsite.com/healthcare
OpinionSite Consumer: https://opinionsite.com/consumer
X. PERSONNEL ACCESSING OF PERSONAL DATA
OpinionSite personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
XI. RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA
Right to Access, Rectification and Erasure.
Members (Data Subjects) have the right to obtain confirmation about whether Personal Data is included about them in our databases. Upon request, OpinionSite will provide an individual access to his or her Personal Data within the timeframe dictated by the applicable data protection regulation.
OpinionSite will permit an individual to know what Personal Data about them is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which OpinionSite collected the Personal Data.
Members may review their own Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete.
Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
|Members may access and modify their Personal Data by logging into their account profile or by contacting OpinionSite by phone or email. In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. To request deletion of Personal Data, Members should submit a written request to:
Via Postal Mail:
Requests for Personal Data.
OpinionSite will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from the Data Subject.
Additional rights for EU Data Subjects:
You may object, at any time, to your Personal Data being processed for a specific purpose.
Restriction of Processing.
You may restrict processing of your Personal Data for certain reasons, such as, for example if you consider your Personal Data collected by us to be inaccurate or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration.
You may request the Personal Data you provided to us in a commonly used and machine-readable form.
Right to Withdraw Consent
You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn, including processing related to existing contracts for our Services
XII. CHANGES TO THIS POLICY
This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will notify Members if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
XIII. QUESTIONS OR COMPLAINTS
|Members may contact Opinion Site with questions, concerns, or complaints concerning our privacy practices or this Privacy Notice at the following addresses:
Via Postal Mail:
XIV. ENFORCEMENT AND DISPUTE RESOLUTION
We commit to resolving individuals’ complaints related to our privacy practices or our collection, or use, or disclosure of Personal Data. An individual may file a privacy complaint by contacting us at our contact information in Section XI. Further, individuals with questions or concerns about the use or disclosure of their Personal Data should contact us as outlined in Section XIII.
OpinionSite acknowledges that as a participant in the Privacy Shield Framework we are under the enforcement authority of the Federal Trade Commission.
If an individual’s complaint cannot be satisfied through this process, the individual may bring a complaint before the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM, a non-profit alternative dispute resolution provider located in the United States and operated by the Insights Association. The INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM is designed to handle eligible complaints brought by EU citizens about Privacy Shield Principles. If you have any complaints regarding our compliance with the Privacy Shield Framework you should first contact us (as provided above).
If contacting us does not resolve your complaint or you do not receive timely acknowledgement of your complaint, please visit the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM website at http://www.insightsassociation.org/get-support/privacy-shield-program/privacy-shield-eu-swiss-citizens-file-complaint for more information and to file a complaint. We will cooperate with the independent dispute resolution mechanism to resolve any complaint that is not resolved through our internal processes. Please note that if an individual’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
“Member” means a prospective, current, or former member of OpinionSite.
“Data Subject” means an identified or identifiable natural living person in the European Union. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
“Employee” means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of OpinionSite or any of its affiliates or subsidiaries.
“Europe” or “European” refers to a country in the European Economic Area.
“Personal Data” as defined under Regulation (EU) 2016/679, the General Data Protection Regulation means any and all data (regardless of format) that (i) identifies or can be used to identify, contact or locate a natural person, or (ii) pertains in any way to an identified natural person. Personal Data includes obvious identifiers (such as names, addresses, email addresses, phone numbers and identification numbers) as well as biometric data, “personal data” (as defined in the GDPR), and any and all information about an individual’s computer or mobile device or technology usage, including (for example and without limitation) IP address, MAC address, unique device identifiers, unique identifiers set in cookies, and any information passively captured about a person’s online activities, browsing, application or hotspot usage or device location.
“Sensitive Data” is a subset of Personal Data which due to its nature has been classified by law as deserving additional privacy and security protections. Sensitive Personal Data consists of: (i) all government-issued identification numbers, (ii) all financial account numbers (including payment card information and health insurance numbers), (iii) individual medical records, genetic and biometric information, (iv) user account credentials, such as usernames, passwords, security questions/answers and other password recovery data, (v) data elements that constitute Special Categories of Data under the GDPR, namely EEA Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, and (vi) any other Personal Data designated by Research Partnership as Sensitive Personal Data.